[OE-core][scarthgap 00/21] Patch review

[OE-core][scarthgap 00/21] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, May 22

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6937

The following changes since commit 294a7dbe44f6b7c8d3a1de8c2cc182af37c4f916:

  build-appliance-image: Update to scarthgap head revision (2024-05-09 04:47:57 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adriaan Schmidt (1):
  libcgroup_3.1.0: fix build on non-systemd systems

Jose Quaresma (2):
  go: Drop the linkmode completely
  Revert "goarch: disable dynamic linking globally"

Kai Kang (1):
  webkitgtk: 2.44.0 -> 2.44.1

Martin Hundebøll (1):
  classes: image_types: apply EXTRA_IMAGECMD:squashfs* in
    oe_mksquashfs()

Mingli Yu (1):
  ncurses: Fix CVE-2023-50495

Peter Marko (6):
  openssl: patch CVE-2024-4603
  glib-2.0: Upgrade 2.78.4 -> 2.78.5
  glib-2.0: Upgrade 2.78.5 -> 2.78.6
  glibc: Update to latest on stable 2.39 branch
  glibc: Update to latest on stable 2.39 branch
  glibc: correct license

Ralph Siemsen (1):
  uboot-sign: fix loop in do_uboot_assemble_fitimage

Ross Burton (3):
  lib/oe/package-manager: allow including self in create_packages_dir
  selftest/classes: add localpkgfeed class
  oeqa/selftest/debuginfod: use localpkgfeed to speed server startup

Sven Schwermer (2):
  recipetool: Handle unclean response in go resolver
  recipetool: Handle several go-import tags in go resolver

Trevor Gamblin (1):
  patchtest: test_metadata: fix invalid escape sequences

Wang Mingyu (1):
  llvm: upgrade 18.1.2 -> 18.1.3

Zev Weiss (1):
  bash: Fix file-substitution error-handling bug

 meta-selftest/classes/localpkgfeed.bbclass    |  27 ++
 meta/classes-recipe/go.bbclass                |   2 -
 meta/classes-recipe/goarch.bbclass            |  14 +-
 meta/classes-recipe/image_types.bbclass       |  20 +-
 meta/classes-recipe/uboot-sign.bbclass        |   2 +-
 meta/lib/oe/package_manager/__init__.py       |   9 +-
 meta/lib/oeqa/selftest/cases/debuginfod.py    |  14 +-
 meta/lib/patchtest/tests/test_metadata.py     |   4 +-
 .../openssl/openssl/CVE-2024-4603.patch       | 179 +++++++++++
 .../openssl/openssl_3.2.1.bb                  |   1 +
 .../glib-2.0/glib-2.0/fix-regex.patch         |  54 ----
 ...{glib-2.0_2.78.4.bb => glib-2.0_2.78.6.bb} |   3 +-
 meta/recipes-core/glibc/glibc-common.inc      |   2 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...y-the-header-between-arm-and-aarch64.patch |  47 ++-
 ...e-Pass-mcpu-along-with-march-to-dete.patch |  62 ----
 ...ss.patch => 0023-qemu-stale-process.patch} |   0
 meta/recipes-core/glibc/glibc_2.39.bb         |   7 +-
 ...akefile-install-systemd.h-by-default.patch |  37 +++
 .../recipes-core/libcgroup/libcgroup_3.1.0.bb |   1 +
 .../ncurses/files/CVE-2023-50495.patch        | 301 ++++++++++++++++++
 meta/recipes-core/ncurses/ncurses_6.4.bb      |   1 +
 meta/recipes-devtools/go/go-runtime.inc       |   2 +-
 ...r-sort-ClassInfo-lists-by-name-as-we.patch |   6 +-
 .../bash/bash/fix-filesubst-errexit.patch     |  34 ++
 meta/recipes-extended/bash/bash_5.2.21.bb     |   1 +
 ...af379dc70b4b1a63b01d67179eb431f03ac4.patch |  38 ---
 ...ebkitgtk_2.44.0.bb => webkitgtk_2.44.1.bb} |   3 +-
 scripts/lib/recipetool/create_go.py           |  34 +-
 29 files changed, 685 insertions(+), 222 deletions(-)
 create mode 100644 meta-selftest/classes/localpkgfeed.bbclass
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
 delete mode 100644 meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
 rename meta/recipes-core/glib-2.0/{glib-2.0_2.78.4.bb => glib-2.0_2.78.6.bb} (95%)
 delete mode 100644 meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
 rename meta/recipes-core/glibc/glibc/{0024-qemu-stale-process.patch => 0023-qemu-stale-process.patch} (100%)
 create mode 100644 meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-50495.patch
 create mode 100644 meta/recipes-extended/bash/bash/fix-filesubst-errexit.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.44.0.bb => webkitgtk_2.44.1.bb} (98%)

-- 
2.34.1

[OE-core][scarthgap 00/21] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6993

with two exceptions, the first a known reproducibility issue also present
on master:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=15491

and the second is a failure on meta-agl-core, which will require an update
to the ptest-runner override in meta-agl once "ptest-runner: Bump to 2.4.4 (95f528c)"
merges.


The following changes since commit 0795169be206f1d4d140fe378e2476a44d0ce02b:

  oeqa/selftest/debuginfod: use localpkgfeed to speed server startup (2024-05-19 13:50:01 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (5):
  ghostscript: fix CVE-2024-33870
  ghostscript: fix CVE-2024-33869
  ghostscript: fix CVE-2024-33871
  ghostscript: fix CVE-2024-29510
  xserver-xorg: upgrade 21.1.11 -> 21.1.12

Changqing Li (1):
  ptest-runner: Bump to 2.4.4 (95f528c)

Julien Stephan (2):
  devtool: standard: update-recipe/finish: fix update localfile in
    another layer
  oeqa/selftest/devtool: add test for updating local files into another
    layer

Khem Raj (3):
  llvm: Upgrade to 18.1.4
  llvm: Upgrade to 18.1.5
  llvm: Switch to using release tarballs

Marek Vasut (1):
  gstreamer1.0-plugins-good: Include qttools-native during the build
    with qt5 PACKAGECONFIG

Mark Hatle (1):
  gcc: Fix for CVE-2024-0151

Peter Marko (2):
  ttyrun: define CVE_PRODUCT
  update-rc.d: add +git to PV

Philip Lorenz (2):
  lib/package_manager/ipk: Do not hardcode payload compression algorithm
  ipk: Fix clean up of extracted IPK payload

Rasmus Villemoes (1):
  git: set --with-gitconfig=/etc/gitconfig for -native builds

Ricardo Simoes (1):
  libusb1: Set CVE_PRODUCT

Soumya Sambu (1):
  ncurses: Fix CVE-2023-45918

Yogita Urade (1):
  libarchive: upgrade 3.7.2 -> 3.7.4

 meta/lib/oe/package_manager/ipk/__init__.py   |  14 +-
 meta/lib/oeqa/selftest/cases/devtool.py       |  20 +-
 .../ncurses/files/CVE-2023-45918.patch        | 180 ++++++++++
 meta/recipes-core/ncurses/ncurses_6.4.bb      |   1 +
 meta/recipes-core/ttyrun/ttyrun_2.31.0.bb     |   2 +
 .../update-rc.d/update-rc.d_0.8.bb            |   1 +
 meta/recipes-devtools/gcc/gcc-13.2.inc        |   1 +
 .../gcc/gcc/CVE-2024-0151.patch               | 315 ++++++++++++++++++
 meta/recipes-devtools/git/git_2.44.0.bb       |   1 +
 .../llvm/{llvm_git.bb => llvm_18.1.5.bb}      |  13 +-
 .../ghostscript/CVE-2024-29510.patch          |  84 +++++
 .../ghostscript/CVE-2024-33869-0001.patch     |  39 +++
 .../ghostscript/CVE-2024-33869-0002.patch     |  52 +++
 .../ghostscript/CVE-2024-33870.patch          |  99 ++++++
 .../ghostscript/CVE-2024-33871.patch          |  43 +++
 .../ghostscript/ghostscript_10.02.1.bb        |   5 +
 .../libarchive/libarchive/configurehack.patch |  19 +-
 ...ibarchive_3.7.2.bb => libarchive_3.7.4.bb} |   2 +-
 ...org_21.1.11.bb => xserver-xorg_21.1.12.bb} |   2 +-
 .../gstreamer1.0-plugins-good_1.22.11.bb      |   2 +-
 meta/recipes-support/libusb/libusb1_1.0.27.bb |   2 +
 ...-runner_2.4.3.bb => ptest-runner_2.4.4.bb} |   2 +-
 scripts/lib/devtool/standard.py               |  23 +-
 23 files changed, 888 insertions(+), 34 deletions(-)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-45918.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
 rename meta/recipes-devtools/llvm/{llvm_git.bb => llvm_18.1.5.bb} (93%)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
 rename meta/recipes-extended/libarchive/{libarchive_3.7.2.bb => libarchive_3.7.4.bb} (96%)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.11.bb => xserver-xorg_21.1.12.bb} (92%)
 rename meta/recipes-support/ptest-runner/{ptest-runner_2.4.3.bb => ptest-runner_2.4.4.bb} (95%)

-- 
2.34.1

[OE-core][scarthgap 00/21] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Monday, July 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7104

The following changes since commit 9abcb18014020804738dfc7d278d7097679f4d19:

  classes/create-spdx-2.2: Fix SPDX Namespace Prefix (2024-06-28 06:28:58 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Antonin Godard (1):
  devtool: ide-sdk: correct help typo

Archana Polampalli (1):
  gstreamer: upgrade 1.22.11 -> 1.22.12

Bruce Ashfield (3):
  linux-yocto/6.6: update to v6.6.34
  linux-yocto/6.6: update to v6.6.35
  linux-yocto/6.6: fix AMD boot trace

Deepthi Hemraj (1):
  llvm: Fix CVE-2024-0151

Guðni Már Gilbert (4):
  python3-requests: cleanup RDEPENDS
  python3-setuptools: drop python3-2to3 from RDEPENDS
  python3-bcrypt: drop python3-six from RDEPENDS
  python3-pyopenssl: drop python3-six from RDEPENDS

Hitendra Prajapati (1):
  QEMU: Fix CVE-2024-3446 & CVE-2024-3567

Jose Quaresma (1):
  openssh: fix CVE-2024-6387

Khem Raj (1):
  pcmanfm: Disable incompatible-pointer-types warning as error

Martin Jansa (1):
  rng-tools: ignore incompatible-pointer-types errors for now

Mingli Yu (1):
  ruby: Fix CVE-2023-36617

Richard Purdie (3):
  python3-jinja2: Upgrade 3.1.3 -> 3.1.4
  oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES
  oeqa/selftest/devtool: Fix for usrmerge in DISTRO_FEATURES

Ross Burton (1):
  curl: locale-base-en-us isn't glibc-specific

Siddharth Doshi (1):
  OpenSSL: Security fix for CVE-2024-5535

Yi Zhao (1):
  libpam: fix runtime error in pam_pwhistory moudle

 meta/lib/oeqa/selftest/cases/devtool.py       |    2 +
 meta/lib/oeqa/selftest/cases/recipetool.py    |   16 +-
 .../openssh/openssh/CVE-2024-6387.patch       |   27 +
 .../openssh/openssh_9.6p1.bb                  |    1 +
 .../openssl/openssl/CVE-2024-5535_1.patch     |  113 ++
 .../openssl/openssl/CVE-2024-5535_10.patch    |  203 +++
 .../openssl/openssl/CVE-2024-5535_2.patch     |   43 +
 .../openssl/openssl/CVE-2024-5535_3.patch     |   38 +
 .../openssl/openssl/CVE-2024-5535_4.patch     |   82 ++
 .../openssl/openssl/CVE-2024-5535_5.patch     |  176 +++
 .../openssl/openssl/CVE-2024-5535_6.patch     | 1173 +++++++++++++++++
 .../openssl/openssl/CVE-2024-5535_7.patch     |   43 +
 .../openssl/openssl/CVE-2024-5535_8.patch     |   66 +
 .../openssl/openssl/CVE-2024-5535_9.patch     |  271 ++++
 .../openssl/openssl_3.2.2.bb                  |   10 +
 .../llvm/0002-llvm-Fix-CVE-2024-0151.patch    | 1086 +++++++++++++++
 meta/recipes-devtools/llvm/llvm_18.1.5.bb     |    1 +
 .../python/python3-bcrypt_4.1.2.bb            |    1 -
 ...inja2_3.1.3.bb => python3-jinja2_3.1.4.bb} |    8 +-
 .../python/python3-pyopenssl_24.0.0.bb        |    1 -
 .../python/python3-requests_2.31.0.bb         |    6 +-
 .../python/python3-setuptools_69.1.1.bb       |    1 -
 meta/recipes-devtools/qemu/qemu.inc           |    5 +
 .../qemu/qemu/CVE-2024-3446-01.patch          |   73 +
 .../qemu/qemu/CVE-2024-3446-02.patch          |   48 +
 .../qemu/qemu/CVE-2024-3446-03.patch          |   47 +
 .../qemu/qemu/CVE-2024-3446-04.patch          |   52 +
 .../qemu/qemu/CVE-2024-3567.patch             |   48 +
 .../ruby/ruby/CVE-2023-36617_1.patch          |   56 +
 .../ruby/ruby/CVE-2023-36617_2.patch          |   52 +
 meta/recipes-devtools/ruby/ruby_3.2.2.bb      |    2 +
 ...x-passing-NULL-filename-argument-to-.patch |   69 +
 meta/recipes-extended/pam/libpam_1.5.3.bb     |    1 +
 .../linux/linux-yocto-rt_6.6.bb               |    6 +-
 .../linux/linux-yocto-tiny_6.6.bb             |    6 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  |   28 +-
 ...ols_1.22.11.bb => gst-devtools_1.22.12.bb} |    2 +-
 ...22.11.bb => gstreamer1.0-libav_1.22.12.bb} |    2 +-
 ...1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} |    2 +-
 ...bb => gstreamer1.0-plugins-bad_1.22.12.bb} |    2 +-
 ...b => gstreamer1.0-plugins-base_1.22.12.bb} |    2 +-
 ...b => gstreamer1.0-plugins-good_1.22.12.bb} |    2 +-
 ...b => gstreamer1.0-plugins-ugly_1.22.12.bb} |    2 +-
 ...2.11.bb => gstreamer1.0-python_1.22.12.bb} |    2 +-
 ...bb => gstreamer1.0-rtsp-server_1.22.12.bb} |    2 +-
 ...22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} |    2 +-
 ...1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} |    2 +-
 meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb    |    2 +
 meta/recipes-support/curl/curl_8.7.1.bb       |    2 +-
 .../rng-tools/rng-tools_6.16.bb               |    4 +
 scripts/lib/devtool/ide_sdk.py                |    2 +-
 51 files changed, 3844 insertions(+), 49 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
 rename meta/recipes-devtools/python/{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} (79%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
 create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
 rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.22.11.bb => gst-devtools_1.22.12.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.22.11.bb => gstreamer1.0-libav_1.22.12.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.22.11.bb => gstreamer1.0-plugins-bad_1.22.12.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.22.11.bb => gstreamer1.0-plugins-base_1.22.12.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.22.11.bb => gstreamer1.0-plugins-good_1.22.12.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.22.11.bb => gstreamer1.0-plugins-ugly_1.22.12.bb} (94%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.22.11.bb => gstreamer1.0-python_1.22.12.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.22.11.bb => gstreamer1.0-rtsp-server_1.22.12.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} (97%)

-- 
2.34.1

[OE-core][scarthgap 00/21] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, November 25

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2755

The following changes since commit 471adaa5f77fa3b974eab60a2ded48e360042828:

  build-appliance-image: Update to scarthgap head revision (2025-11-17 17:00:25 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (1):
  goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task
    signatures

Gyorgy Sarvari (2):
  musl: patch CVE-2025-26519
  glslang: fix compiling with gcc15

Hongxu Jia (1):
  spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM

Hugo SIMELIERE (1):
  sqlite3: patch CVE-2025-7709

Osama Abdelkader (3):
  go: add sdk test
  go: extend runtime test
  go: remove duplicate arch map in sdk test

Ovidiu Panait (1):
  rust-target-config: fix nativesdk-libstd-rs build with baremetal

Peter Marko (4):
  spdx30: fix cve status for patch files in VEX
  oeqa: fix package detection in go sdk tests
  oeqa: drop unnecessary dependency from go runtime tests
  oeqa/sdk/buildepoxy: skip test in eSDK

Ross Burton (5):
  xserver-xorg: remove redundant patch
  xserver-xorg: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
  testsdk: allow user to specify which tests to run
  oe/sdk: fix empty SDK manifests
  lib/oe/go: document map_arch, and raise an error on unknown
    architecture

Yogita Urade (3):
  xwayland: fix CVE-2025-62229
  xwayland: fix CVE-2025-62230
  xwayland: fix CVE-2025-62231

 meta/classes-recipe/goarch.bbclass            |   3 +
 .../classes-recipe/rust-target-config.bbclass |   3 +-
 meta/classes-recipe/testsdk.bbclass           |   3 +
 meta/classes/create-spdx-3.0.bbclass          |   5 +
 meta/lib/oe/go.py                             |   6 +-
 meta/lib/oe/sdk.py                            |   3 +-
 meta/lib/oe/spdx30_tasks.py                   |  16 ++-
 meta/lib/oeqa/files/test.go                   |   7 ++
 meta/lib/oeqa/runtime/cases/go.py             |  66 +++++++++++
 meta/lib/oeqa/sdk/cases/buildepoxy.py         |   4 +
 meta/lib/oeqa/sdk/cases/go.py                 | 107 ++++++++++++++++++
 meta/lib/oeqa/sdk/testsdk.py                  |   3 +-
 meta/lib/oeqa/sdkext/testsdk.py               |   3 +-
 .../musl/musl/CVE-2025-26519-1.patch          |  39 +++++++
 .../musl/musl/CVE-2025-26519-2.patch          |  38 +++++++
 meta/recipes-core/musl/musl_git.bb            |   4 +-
 ...uilder.h-add-missing-cstdint-include.patch |  30 +++++
 .../glslang/glslang_1.3.275.0.bb              |   1 +
 ...-duplicate-definitions-of-IOPortBase.patch |  28 -----
 ...after-free-in-present_create_notifie.patch |  91 +++++++++++++++
 ...ke-the-RT_XKBCLIENT-resource-private.patch |  63 +++++++++++
 ...KB-resource-when-freeing-XkbInterest.patch |  92 +++++++++++++++
 ...-Prevent-overflow-in-XkbSetCompatMap.patch |  53 +++++++++
 .../xorg-xserver/xserver-xorg_21.1.18.bb      |   7 +-
 .../xwayland/xwayland/CVE-2025-62229.patch    |  89 +++++++++++++++
 .../xwayland/CVE-2025-62230-0001.patch        |  60 ++++++++++
 .../xwayland/CVE-2025-62230-0002.patch        |  89 +++++++++++++++
 .../xwayland/xwayland/CVE-2025-62231.patch    |  50 ++++++++
 .../xwayland/xwayland_23.2.5.bb               |   4 +
 .../sqlite/sqlite3/CVE-2025-7709.patch        |  33 ++++++
 meta/recipes-support/sqlite/sqlite3_3.45.3.bb |   1 +
 31 files changed, 964 insertions(+), 37 deletions(-)
 create mode 100644 meta/lib/oeqa/files/test.go
 create mode 100644 meta/lib/oeqa/sdk/cases/go.py
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
 create mode 100644 meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
 create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch

-- 
2.43.0

[OE-core][scarthgap 01/21] spdx30: fix cve status for patch files in VEX

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

This commit fixes commit 08595b39b46ef2bf3a928d4528292ee31a990c98
which adapts vex creation between function create_spdx where all changes
were backported and funtion get_patched_cves where changes were not
backported.

CVE patches were previously ignored as they cannot be decoded from
CVE_STATUS variables and each caused a warning like:
WARNING: ncurses-native-6.4-r0 do_create_spdx: Skipping CVE-2023-50495 — missing or unknown CVE status

Master branch uses fix-file-included for CVE patches however since
cve-check-map.conf was not part of spdx-3.0 backport, closest one
available (backported-patch) was implemented.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/spdx30_tasks.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 6b0aa137c4..8115088ab8 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -503,7 +503,13 @@ def create_spdx(d):
     if include_vex != "none":
         patched_cves = oe.cve_check.get_patched_cves(d)
         for cve_id in patched_cves:
-            mapping, detail, description = oe.cve_check.decode_cve_status(d, cve_id)
+            # decode_cve_status is decoding CVE_STATUS, so patch files need to be hardcoded
+            if cve_id in (d.getVarFlags("CVE_STATUS") or {}):
+                mapping, detail, description = oe.cve_check.decode_cve_status(d, cve_id)
+            else:
+                mapping = "Patched"
+                detail = "backported-patch"  # fix-file-included is not available in scarthgap
+                description = None
 
             if not mapping or not detail:
                 bb.warn(f"Skipping {cve_id} — missing or unknown CVE status")
-- 
2.43.0

[OE-core][scarthgap 02/21] spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM

[Steve Sakoman]

From: Hongxu Jia <hongxu.jia@windriver.com>

Define var-SPDX_PACKAGE_URL to provide software_packageUrl field [1][2]
in SPDX 3.0 SBOM, support to override with package name
SPDX_PACKAGE_URL:<pkgname>

Currently, the format of purl is not defined in Yocto, set empty for now
until we have a comprehensive plan for what Yocto purls look like.
But users could customize their own purl by setting var-SPDX_PACKAGE_URL

[1] https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Properties/packageUrl/
[2] https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/

(From OE-Core rev: c8e6953a0b6f59ffca994c440069db39e60b12d2)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/create-spdx-3.0.bbclass | 5 +++++
 meta/lib/oe/spdx30_tasks.py          | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
index 044517d9f7..c0a5436ad6 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -117,6 +117,11 @@ SPDX_PACKAGE_VERSION ??= "${PV}"
 SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
     in software_Package"
 
+SPDX_PACKAGE_URL ??= ""
+SPDX_PACKAGE_URL[doc] = "Provides a place for the SPDX data creator to record \
+the package URL string (in accordance with the Package URL specification) for \
+a software Package."
+
 IMAGE_CLASSES:append = " create-spdx-image-3.0"
 SDK_CLASSES += "create-spdx-sdk-3.0"
 
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 8115088ab8..a2d316301f 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -632,6 +632,14 @@ def create_spdx(d):
             set_var_field("SUMMARY", spdx_package, "summary", package=package)
             set_var_field("DESCRIPTION", spdx_package, "description", package=package)
 
+            if d.getVar("SPDX_PACKAGE_URL:%s" % package) or d.getVar("SPDX_PACKAGE_URL"):
+                set_var_field(
+                    "SPDX_PACKAGE_URL",
+                    spdx_package,
+                    "software_packageUrl",
+                    package=package
+                )
+
             pkg_objset.new_scoped_relationship(
                 [oe.sbom30.get_element_link_id(build)],
                 oe.spdx30.RelationshipType.hasOutput,
-- 
2.43.0

[OE-core][scarthgap 03/21] sqlite3: patch CVE-2025-7709

[Steve Sakoman]

From: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>

Pick commit used in debian patch https://git.launchpad.net/ubuntu/+source/sqlite3/commit/?id=9a309a50fa99e3b69623894bfd7d1f84d9fab33c
Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/192d0ff8ccf0bf55776a5930cdc64e25f87299d6]

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sqlite/sqlite3/CVE-2025-7709.patch        | 33 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.45.3.bb |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch

diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch
new file mode 100644
index 0000000000..820262881f
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch
@@ -0,0 +1,33 @@
+From a7ed2fcba8ef1df4bcd846d895469ca72542be07 Mon Sep 17 00:00:00 2001
+From: Hugo SIMELIERE <simeliere.hugo@non.se.com>
+Date: Fri, 14 Nov 2025 15:31:17 +0100
+Subject: [PATCH] Optimize allocation of large tombstone arrays in fts5.
+
+FossilOrigin-Name: 0fcc3cbdfa21adf97aed01fa76991cccf9380e2755b0182a9e2c94e3c8fb38d7
+
+CVE: CVE-2025-7709
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/192d0ff8ccf0bf55776a5930cdc64e25f87299d6]
+Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
+---
+ sqlite3.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 1ee8de4..43f59e2 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -240724,9 +240724,9 @@ static void fts5SegIterSetNext(Fts5Index *p, Fts5SegIter *pIter){
+ ** leave an error in the Fts5Index object.
+ */
+ static void fts5SegIterAllocTombstone(Fts5Index *p, Fts5SegIter *pIter){
+-  const int nTomb = pIter->pSeg->nPgTombstone;
++  const i64 nTomb = (i64)pIter->pSeg->nPgTombstone;
+   if( nTomb>0 ){
+-    int nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
++    i64 nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
+     Fts5TombstoneArray *pNew;
+     pNew = (Fts5TombstoneArray*)sqlite3Fts5MallocZero(&p->rc, nByte);
+     if( pNew ){
+-- 
+2.43.0
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb
index 60a8f1449b..05bfaac1af 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb
@@ -7,6 +7,7 @@ SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2025-3277.patch \
            file://CVE-2025-29088.patch \
            file://CVE-2025-6965.patch \
+           file://CVE-2025-7709.patch \
           "
 SRC_URI[sha256sum] = "b2809ca53124c19c60f42bf627736eae011afdcc205bb48270a5ee9a38191531"
 
-- 
2.43.0

[OE-core][scarthgap 04/21] xserver-xorg: remove redundant patch

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

The underlying issue with -fno-common was resolved upstream in xserver
21.1.0 onwards[1].

[1] xserver 0148a15da ("compiler.h: don't define inb/outb and friends on mips")

(From OE-Core rev: 74b77ee90efd50a703af76769fac66a0f7c394ca)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-duplicate-definitions-of-IOPortBase.patch | 28 -------------------
 .../xorg-xserver/xserver-xorg_21.1.18.bb      |  4 +--
 2 files changed, 1 insertion(+), 31 deletions(-)
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch
deleted file mode 100644
index e9cbc9b4da..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From cedc797e1a0850039a25b7e387b342e54fffcc97 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 17 Aug 2020 10:50:51 -0700
-Subject: [PATCH] Avoid duplicate definitions of IOPortBase
-
-This fixed build with gcc10/-fno-common
-
-Fixes
-compiler.h:528: multiple definition of `IOPortBase';
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- hw/xfree86/os-support/linux/lnx_video.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/xfree86/os-support/linux/lnx_video.c b/hw/xfree86/os-support/linux/lnx_video.c
-index fd83022..1d0d96e 100644
---- a/hw/xfree86/os-support/linux/lnx_video.c
-+++ b/hw/xfree86/os-support/linux/lnx_video.c
-@@ -78,6 +78,7 @@ xf86OSInitVidMem(VidMemInfoPtr pVidMem)
- /***************************************************************************/
- /* I/O Permissions section                                                 */
- /***************************************************************************/
-+_X_EXPORT unsigned int IOPortBase;      /* Memory mapped I/O port area */
- 
- #if defined(__powerpc__)
- volatile unsigned char *ioBase = NULL;
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index 14c45be432..1e341553f9 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -1,8 +1,6 @@
 require xserver-xorg.inc
 
-SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
-           file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
-           "
+SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch"
 SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
 
 # These extensions are now integrated into the server, so declare the migration
-- 
2.43.0

[OE-core][scarthgap 05/21] xserver-xorg: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

>From https://lists.x.org/archives/xorg-announce/2025-October/003635.html:

1) CVE-2025-62229: Use-after-free in XPresentNotify structures creation

    Using the X11 Present extension, when processing and adding the
    notifications after presenting a pixmap, if an error occurs, a dangling
    pointer may be left in the error code path of the function causing a
    use-after-free when eventually destroying the notification structures
    later.

    Introduced in: Xorg 1.15
    Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
    Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b1
    Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

2) CVE-2025-62230: Use-after-free in Xkb client resource removal

    When removing the Xkb resources for a client, the function
    XkbRemoveResourceClient() will free the XkbInterest data associated
    with the device, but not the resource associated with it.

    As a result, when the client terminates, the resource delete function
    triggers a use-after-free.

    Introduced in: X11R6
    Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
    Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/99790a2c
         https://gitlab.freedesktop.org/xorg/xserver/-/commit/10c94238
    Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

3) CVE-2025-62231: Value overflow in Xkb extension XkbSetCompatMap()

    The XkbCompatMap structure stores some of its values using an unsigned
    short, but fails to check whether the sum of the input data might
    overflow the maximum unsigned short value.

    Introduced in: X11R6
    Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
    Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49
    Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

(From OE-Core rev: 50b9c34ba932761fab9035a54e58466d72b097bf)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...after-free-in-present_create_notifie.patch | 91 ++++++++++++++++++
 ...ke-the-RT_XKBCLIENT-resource-private.patch | 63 +++++++++++++
 ...KB-resource-when-freeing-XkbInterest.patch | 92 +++++++++++++++++++
 ...-Prevent-overflow-in-XkbSetCompatMap.patch | 53 +++++++++++
 .../xorg-xserver/xserver-xorg_21.1.18.bb      |  7 +-
 5 files changed, 305 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch
new file mode 100644
index 0000000000..fa8bc542d8
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch
@@ -0,0 +1,91 @@
+From 359c9c0478406fe00e0d4c5d52bd9bf8c2ca4081 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 2 Jul 2025 09:46:22 +0200
+Subject: [PATCH 1/4] present: Fix use-after-free in present_create_notifies()
+
+Using the Present extension, if an error occurs while processing and
+adding the notifications after presenting a pixmap, the function
+present_create_notifies() will clean up and remove the notifications
+it added.
+
+However, there are two different code paths that can lead to an error
+creating the notify, one being before the notify is being added to the
+list, and another one after the notify is added.
+
+When the error occurs before it's been added, it removes the elements up
+to the last added element, instead of the actual number of elements
+which were added.
+
+As a result, in case of error, as with an invalid window for example, it
+leaves a dangling pointer to the last element, leading to a use after
+free case later:
+
+ |  Invalid write of size 8
+ |     at 0x5361D5: present_clear_window_notifies (present_notify.c:42)
+ |     by 0x534A56: present_destroy_window (present_screen.c:107)
+ |     by 0x41E441: xwl_destroy_window (xwayland-window.c:1959)
+ |     by 0x4F9EC9: compDestroyWindow (compwindow.c:622)
+ |     by 0x51EAC4: damageDestroyWindow (damage.c:1592)
+ |     by 0x4FDC29: DbeDestroyWindow (dbe.c:1291)
+ |     by 0x4EAC55: FreeWindowResources (window.c:1023)
+ |     by 0x4EAF59: DeleteWindow (window.c:1091)
+ |     by 0x4DE59A: doFreeResource (resource.c:890)
+ |     by 0x4DEFB2: FreeClientResources (resource.c:1156)
+ |     by 0x4A9AFB: CloseDownClient (dispatch.c:3567)
+ |     by 0x5DCC78: ClientReady (connection.c:603)
+ |   Address 0x16126200 is 16 bytes inside a block of size 2,048 free'd
+ |     at 0x4841E43: free (vg_replace_malloc.c:989)
+ |     by 0x5363DD: present_destroy_notifies (present_notify.c:111)
+ |     by 0x53638D: present_create_notifies (present_notify.c:100)
+ |     by 0x5368E9: proc_present_pixmap_common (present_request.c:164)
+ |     by 0x536A7D: proc_present_pixmap (present_request.c:189)
+ |     by 0x536FA9: proc_present_dispatch (present_request.c:337)
+ |     by 0x4A1E4E: Dispatch (dispatch.c:561)
+ |     by 0x4B00F1: dix_main (main.c:284)
+ |     by 0x42879D: main (stubmain.c:34)
+ |   Block was alloc'd at
+ |     at 0x48463F3: calloc (vg_replace_malloc.c:1675)
+ |     by 0x5362A1: present_create_notifies (present_notify.c:81)
+ |     by 0x5368E9: proc_present_pixmap_common (present_request.c:164)
+ |     by 0x536A7D: proc_present_pixmap (present_request.c:189)
+ |     by 0x536FA9: proc_present_dispatch (present_request.c:337)
+ |     by 0x4A1E4E: Dispatch (dispatch.c:561)
+ |     by 0x4B00F1: dix_main (main.c:284)
+ |     by 0x42879D: main (stubmain.c:34)
+
+To fix the issue, count and remove the actual number of notify elements
+added in case of error.
+
+CVE-2025-62229, ZDI-CAN-27238
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+(cherry picked from commit 5a4286b13f631b66c20f5bc8db7b68211dcbd1d0)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62229
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ present/present_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/present/present_notify.c b/present/present_notify.c
+index 445954998..00b3b68bd 100644
+--- a/present/present_notify.c
++++ b/present/present_notify.c
+@@ -90,7 +90,7 @@ present_create_notifies(ClientPtr client, int num_notifies, xPresentNotify *x_no
+         if (status != Success)
+             goto bail;
+ 
+-        added = i;
++        added++;
+     }
+     return Success;
+ 
+-- 
+2.43.0
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch
new file mode 100644
index 0000000000..ed25f4b58e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch
@@ -0,0 +1,63 @@
+From a3d5c76ee8925ef9846c72e2327674b84e3fcdb3 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 15:55:06 +0200
+Subject: [PATCH 2/4] xkb: Make the RT_XKBCLIENT resource private
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently, the resource in only available to the xkb.c source file.
+
+In preparation for the next commit, to be able to free the resources
+from XkbRemoveResourceClient(), make that variable private instead.
+
+This is related to:
+
+CVE-2025-62230, ZDI-CAN-27545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 99790a2c9205a52fbbec01f21a92c9b7f4ed1d8f)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62230
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ include/xkbsrv.h | 2 ++
+ xkb/xkb.c        | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/xkbsrv.h b/include/xkbsrv.h
+index fbb5427e1..b2766277c 100644
+--- a/include/xkbsrv.h
++++ b/include/xkbsrv.h
+@@ -58,6 +58,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include "inputstr.h"
+ #include "events.h"
+ 
++extern RESTYPE RT_XKBCLIENT;
++
+ typedef struct _XkbInterest {
+     DeviceIntPtr dev;
+     ClientPtr client;
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 5131bfcdf..26d965d48 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -51,7 +51,7 @@ int XkbKeyboardErrorCode;
+ CARD32 xkbDebugFlags = 0;
+ static CARD32 xkbDebugCtrls = 0;
+ 
+-static RESTYPE RT_XKBCLIENT;
++RESTYPE RT_XKBCLIENT = 0;
+ 
+ /***====================================================================***/
+ 
+-- 
+2.43.0
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch
new file mode 100644
index 0000000000..f55e3d4126
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch
@@ -0,0 +1,92 @@
+From 32b12feb6f9f3d32532ff75c7434a7426b85e0c3 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 15:58:57 +0200
+Subject: [PATCH 3/4] xkb: Free the XKB resource when freeing XkbInterest
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+XkbRemoveResourceClient() would free the XkbInterest data associated
+with the device, but not the resource associated with it.
+
+As a result, when the client terminates, the resource delete function
+gets called and accesses already freed memory:
+
+ | Invalid read of size 8
+ |   at 0x5BC0C0: XkbRemoveResourceClient (xkbEvents.c:1047)
+ |   by 0x5B3391: XkbClientGone (xkb.c:7094)
+ |   by 0x4DF138: doFreeResource (resource.c:890)
+ |   by 0x4DFB50: FreeClientResources (resource.c:1156)
+ |   by 0x4A9A59: CloseDownClient (dispatch.c:3550)
+ |   by 0x5E0A53: ClientReady (connection.c:601)
+ |   by 0x5E4FEF: ospoll_wait (ospoll.c:657)
+ |   by 0x5DC834: WaitForSomething (WaitFor.c:206)
+ |   by 0x4A1BA5: Dispatch (dispatch.c:491)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+ | Address 0x1893e278 is 184 bytes inside a block of size 928 free'd
+ |   at 0x4842E43: free (vg_replace_malloc.c:989)
+ |   by 0x49C1A6: CloseDevice (devices.c:1067)
+ |   by 0x49C522: CloseOneDevice (devices.c:1193)
+ |   by 0x49C6E4: RemoveDevice (devices.c:1244)
+ |   by 0x5873D4: remove_master (xichangehierarchy.c:348)
+ |   by 0x587921: ProcXIChangeHierarchy (xichangehierarchy.c:504)
+ |   by 0x579BF1: ProcIDispatch (extinit.c:390)
+ |   by 0x4A1D85: Dispatch (dispatch.c:551)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+ | Block was alloc'd at
+ |   at 0x48473F3: calloc (vg_replace_malloc.c:1675)
+ |   by 0x49A118: AddInputDevice (devices.c:262)
+ |   by 0x4A0E58: AllocDevicePair (devices.c:2846)
+ |   by 0x5866EE: add_master (xichangehierarchy.c:153)
+ |   by 0x5878C2: ProcXIChangeHierarchy (xichangehierarchy.c:493)
+ |   by 0x579BF1: ProcIDispatch (extinit.c:390)
+ |   by 0x4A1D85: Dispatch (dispatch.c:551)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+
+To avoid that issue, make sure to free the resources when freeing the
+device XkbInterest data.
+
+CVE-2025-62230, ZDI-CAN-27545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 10c94238bdad17c11707e0bdaaa3a9cd54c504be)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62230
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ xkb/xkbEvents.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
+index 0bbd66186..3d04ecf0c 100644
+--- a/xkb/xkbEvents.c
++++ b/xkb/xkbEvents.c
+@@ -1056,6 +1056,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id)
+             autoCtrls = interest->autoCtrls;
+             autoValues = interest->autoCtrlValues;
+             client = interest->client;
++            FreeResource(interest->resource, RT_XKBCLIENT);
+             free(interest);
+             found = TRUE;
+         }
+@@ -1067,6 +1068,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id)
+                 autoCtrls = victim->autoCtrls;
+                 autoValues = victim->autoCtrlValues;
+                 client = victim->client;
++                FreeResource(victim->resource, RT_XKBCLIENT);
+                 free(victim);
+                 found = TRUE;
+             }
+-- 
+2.43.0
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch
new file mode 100644
index 0000000000..5036f0c9f0
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch
@@ -0,0 +1,53 @@
+From 364f06788f1de4edc0547c7f29d338e6deffc138 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 16:30:29 +0200
+Subject: [PATCH 4/4] xkb: Prevent overflow in XkbSetCompatMap()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The XkbCompatMap structure stores its "num_si" and "size_si" fields
+using an unsigned short.
+
+However, the function _XkbSetCompatMap() will store the sum of the
+input data "firstSI" and "nSI" in both XkbCompatMap's "num_si" and
+"size_si" without first checking if the sum overflows the maximum
+unsigned short value, leading to a possible overflow.
+
+To avoid the issue, check whether the sum does not exceed the maximum
+unsigned short value, or return a "BadValue" error otherwise.
+
+CVE-2025-62231, ZDI-CAN-27560
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 475d9f49acd0e55bc0b089ed77f732ad18585470)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62231
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ xkb/xkb.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 26d965d48..137d70da2 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -2992,6 +2992,8 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+ 
++        if ((unsigned) (req->firstSI + req->nSI) > USHRT_MAX)
++            return BadValue;
+         if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+             compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+-- 
+2.43.0
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index 1e341553f9..7f6197a0b4 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -1,6 +1,11 @@
 require xserver-xorg.inc
 
-SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch"
+SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
+            file://0001-present-Fix-use-after-free-in-present_create_notifie.patch \
+            file://0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch \
+            file://0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch \
+            file://0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch \
+            "
 SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
 
 # These extensions are now integrated into the server, so declare the migration
-- 
2.43.0

[OE-core][scarthgap 06/21] xwayland: fix CVE-2025-62229

[Steve Sakoman]

From: Yogita Urade <yogita.urade@windriver.com>

A flaw was found in the X.Org X server and Xwayland when processing
X11 Present extension notifications. Improper error handling during
notification creation can leave dangling pointers that lead to a
use-after-free condition. This can cause memory corruption or a crash,
potentially allowing an attacker to execute arbitrary code or cause a
denial of service.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-62229

Upstream patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/xwayland/CVE-2025-62229.patch    | 89 +++++++++++++++++++
 .../xwayland/xwayland_23.2.5.bb               |  1 +
 2 files changed, 90 insertions(+)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch

diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
new file mode 100644
index 0000000000..f27bd00434
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
@@ -0,0 +1,89 @@
+From 5a4286b13f631b66c20f5bc8db7b68211dcbd1d0 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 2 Jul 2025 09:46:22 +0200
+Subject: [PATCH] present: Fix use-after-free in present_create_notifies()
+
+Using the Present extension, if an error occurs while processing and
+adding the notifications after presenting a pixmap, the function
+present_create_notifies() will clean up and remove the notifications
+it added.
+
+However, there are two different code paths that can lead to an error
+creating the notify, one being before the notify is being added to the
+list, and another one after the notify is added.
+
+When the error occurs before it's been added, it removes the elements up
+to the last added element, instead of the actual number of elements
+which were added.
+
+As a result, in case of error, as with an invalid window for example, it
+leaves a dangling pointer to the last element, leading to a use after
+free case later:
+
+ |  Invalid write of size 8
+ |     at 0x5361D5: present_clear_window_notifies (present_notify.c:42)
+ |     by 0x534A56: present_destroy_window (present_screen.c:107)
+ |     by 0x41E441: xwl_destroy_window (xwayland-window.c:1959)
+ |     by 0x4F9EC9: compDestroyWindow (compwindow.c:622)
+ |     by 0x51EAC4: damageDestroyWindow (damage.c:1592)
+ |     by 0x4FDC29: DbeDestroyWindow (dbe.c:1291)
+ |     by 0x4EAC55: FreeWindowResources (window.c:1023)
+ |     by 0x4EAF59: DeleteWindow (window.c:1091)
+ |     by 0x4DE59A: doFreeResource (resource.c:890)
+ |     by 0x4DEFB2: FreeClientResources (resource.c:1156)
+ |     by 0x4A9AFB: CloseDownClient (dispatch.c:3567)
+ |     by 0x5DCC78: ClientReady (connection.c:603)
+ |   Address 0x16126200 is 16 bytes inside a block of size 2,048 free'd
+ |     at 0x4841E43: free (vg_replace_malloc.c:989)
+ |     by 0x5363DD: present_destroy_notifies (present_notify.c:111)
+ |     by 0x53638D: present_create_notifies (present_notify.c:100)
+ |     by 0x5368E9: proc_present_pixmap_common (present_request.c:164)
+ |     by 0x536A7D: proc_present_pixmap (present_request.c:189)
+ |     by 0x536FA9: proc_present_dispatch (present_request.c:337)
+ |     by 0x4A1E4E: Dispatch (dispatch.c:561)
+ |     by 0x4B00F1: dix_main (main.c:284)
+ |     by 0x42879D: main (stubmain.c:34)
+ |   Block was alloc'd at
+ |     at 0x48463F3: calloc (vg_replace_malloc.c:1675)
+ |     by 0x5362A1: present_create_notifies (present_notify.c:81)
+ |     by 0x5368E9: proc_present_pixmap_common (present_request.c:164)
+ |     by 0x536A7D: proc_present_pixmap (present_request.c:189)
+ |     by 0x536FA9: proc_present_dispatch (present_request.c:337)
+ |     by 0x4A1E4E: Dispatch (dispatch.c:561)
+ |     by 0x4B00F1: dix_main (main.c:284)
+ |     by 0x42879D: main (stubmain.c:34)
+
+To fix the issue, count and remove the actual number of notify elements
+added in case of error.
+
+CVE-2025-62229, ZDI-CAN-27238
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2086>
+
+CVE: CVE-2025-62229
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ present/present_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/present/present_notify.c b/present/present_notify.c
+index 4459549..00b3b68 100644
+--- a/present/present_notify.c
++++ b/present/present_notify.c
+@@ -90,7 +90,7 @@ present_create_notifies(ClientPtr client, int num_notifies, xPresentNotify *x_no
+         if (status != Success)
+             goto bail;
+
+-        added = i;
++        added++;
+     }
+     return Success;
+
+--
+2.40.0
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
index 49e35ca442..1ed5df8a2e 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
            file://CVE-2025-49178.patch \
            file://CVE-2025-49179.patch \
            file://CVE-2025-49180.patch \
+           file://CVE-2025-62229.patch \
 "
 SRC_URI[sha256sum] = "33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90"
 
-- 
2.43.0

[OE-core][scarthgap 07/21] xwayland: fix CVE-2025-62230

[Steve Sakoman]

From: Yogita Urade <yogita.urade@windriver.com>

A flaw was discovered in the X.Org X serverâ\x80\x99s X Keyboard
(Xkb) extension when handling client resource cleanup. The software
frees certain data structures without properly detaching related
resources, leading to a use-after-free condition. This can cause
memory corruption or a crash when affected clients disconnect.

Reference:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa

Upstream patches:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175
https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/CVE-2025-62230-0001.patch        | 60 +++++++++++++
 .../xwayland/CVE-2025-62230-0002.patch        | 89 +++++++++++++++++++
 .../xwayland/xwayland_23.2.5.bb               |  2 +
 3 files changed, 151 insertions(+)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch

diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch
new file mode 100644
index 0000000000..a26d13e712
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch
@@ -0,0 +1,60 @@
+From 865089ca70840c0f13a61df135f7b44a9782a175 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 15:55:06 +0200
+Subject: [PATCH] xkb: Make the RT_XKBCLIENT resource private
+
+Currently, the resource in only available to the xkb.c source file.
+
+In preparation for the next commit, to be able to free the resources
+from XkbRemoveResourceClient(), make that variable private instead.
+
+This is related to:
+
+CVE-2025-62230, ZDI-CAN-27545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 99790a2c9205a52fbbec01f21a92c9b7f4ed1d8f)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62230
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ include/xkbsrv.h | 2 ++
+ xkb/xkb.c        | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/xkbsrv.h b/include/xkbsrv.h
+index 21cd876..24fdfb4 100644
+--- a/include/xkbsrv.h
++++ b/include/xkbsrv.h
+@@ -58,6 +58,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include "inputstr.h"
+ #include "events.h"
+
++extern RESTYPE RT_XKBCLIENT;
++
+ typedef struct _XkbInterest {
+     DeviceIntPtr dev;
+     ClientPtr client;
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 3210ff9..b7877f5 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -51,7 +51,7 @@ int XkbKeyboardErrorCode;
+ CARD32 xkbDebugFlags = 0;
+ static CARD32 xkbDebugCtrls = 0;
+
+-static RESTYPE RT_XKBCLIENT;
++RESTYPE RT_XKBCLIENT = 0;
+
+ /***====================================================================***/
+
+--
+2.40.0
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch
new file mode 100644
index 0000000000..b5230359ba
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch
@@ -0,0 +1,89 @@
+From 87fe2553937a99fd914ad0cde999376a3adc3839 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 15:58:57 +0200
+Subject: [PATCH] xkb: Free the XKB resource when freeing XkbInterest
+
+XkbRemoveResourceClient() would free the XkbInterest data associated
+with the device, but not the resource associated with it.
+
+As a result, when the client terminates, the resource delete function
+gets called and accesses already freed memory:
+
+ | Invalid read of size 8
+ |   at 0x5BC0C0: XkbRemoveResourceClient (xkbEvents.c:1047)
+ |   by 0x5B3391: XkbClientGone (xkb.c:7094)
+ |   by 0x4DF138: doFreeResource (resource.c:890)
+ |   by 0x4DFB50: FreeClientResources (resource.c:1156)
+ |   by 0x4A9A59: CloseDownClient (dispatch.c:3550)
+ |   by 0x5E0A53: ClientReady (connection.c:601)
+ |   by 0x5E4FEF: ospoll_wait (ospoll.c:657)
+ |   by 0x5DC834: WaitForSomething (WaitFor.c:206)
+ |   by 0x4A1BA5: Dispatch (dispatch.c:491)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+ | Address 0x1893e278 is 184 bytes inside a block of size 928 free'd
+ |   at 0x4842E43: free (vg_replace_malloc.c:989)
+ |   by 0x49C1A6: CloseDevice (devices.c:1067)
+ |   by 0x49C522: CloseOneDevice (devices.c:1193)
+ |   by 0x49C6E4: RemoveDevice (devices.c:1244)
+ |   by 0x5873D4: remove_master (xichangehierarchy.c:348)
+ |   by 0x587921: ProcXIChangeHierarchy (xichangehierarchy.c:504)
+ |   by 0x579BF1: ProcIDispatch (extinit.c:390)
+ |   by 0x4A1D85: Dispatch (dispatch.c:551)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+ | Block was alloc'd at
+ |   at 0x48473F3: calloc (vg_replace_malloc.c:1675)
+ |   by 0x49A118: AddInputDevice (devices.c:262)
+ |   by 0x4A0E58: AllocDevicePair (devices.c:2846)
+ |   by 0x5866EE: add_master (xichangehierarchy.c:153)
+ |   by 0x5878C2: ProcXIChangeHierarchy (xichangehierarchy.c:493)
+ |   by 0x579BF1: ProcIDispatch (extinit.c:390)
+ |   by 0x4A1D85: Dispatch (dispatch.c:551)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+
+To avoid that issue, make sure to free the resources when freeing the
+device XkbInterest data.
+
+CVE-2025-62230, ZDI-CAN-27545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 10c94238bdad17c11707e0bdaaa3a9cd54c504be)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62230
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ xkb/xkbEvents.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
+index f8f65d4..7c669c9 100644
+--- a/xkb/xkbEvents.c
++++ b/xkb/xkbEvents.c
+@@ -1055,6 +1055,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id)
+             autoCtrls = interest->autoCtrls;
+             autoValues = interest->autoCtrlValues;
+             client = interest->client;
++            FreeResource(interest->resource, RT_XKBCLIENT);
+             free(interest);
+             found = TRUE;
+         }
+@@ -1066,6 +1067,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id)
+                 autoCtrls = victim->autoCtrls;
+                 autoValues = victim->autoCtrlValues;
+                 client = victim->client;
++                FreeResource(victim->resource, RT_XKBCLIENT);
+                 free(victim);
+                 found = TRUE;
+             }
+--
+2.40.0
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
index 1ed5df8a2e..9bc67f7761 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
@@ -32,6 +32,8 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
            file://CVE-2025-49179.patch \
            file://CVE-2025-49180.patch \
            file://CVE-2025-62229.patch \
+           file://CVE-2025-62230-0001.patch \
+           file://CVE-2025-62230-0002.patch \
 "
 SRC_URI[sha256sum] = "33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90"
 
-- 
2.43.0

[OE-core][scarthgap 08/21] xwayland: fix CVE-2025-62231

[Steve Sakoman]

From: Yogita Urade <yogita.urade@windriver.com>

A flaw was identified in the X.Org X serverâ\x80\x99s X Keyboard
(Xkb) extension where improper bounds checking in the XkbSetCompatMap()
function can cause an unsigned short overflow. If an attacker sends
specially crafted input data, the value calculation may overflow,
leading to memory corruption or a crash.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-62231

Upstream patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/xwayland/CVE-2025-62231.patch    | 50 +++++++++++++++++++
 .../xwayland/xwayland_23.2.5.bb               |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch

diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
new file mode 100644
index 0000000000..8095c3d82c
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
@@ -0,0 +1,50 @@
+From 3baad99f9c15028ed8c3e3d8408e5ec35db155aa Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 16:30:29 +0200
+Subject: [PATCH] xkb: Prevent overflow in XkbSetCompatMap()
+
+The XkbCompatMap structure stores its "num_si" and "size_si" fields
+using an unsigned short.
+
+However, the function _XkbSetCompatMap() will store the sum of the
+input data "firstSI" and "nSI" in both XkbCompatMap's "num_si" and
+"size_si" without first checking if the sum overflows the maximum
+unsigned short value, leading to a possible overflow.
+
+To avoid the issue, check whether the sum does not exceed the maximum
+unsigned short value, or return a "BadValue" error otherwise.
+
+CVE-2025-62231, ZDI-CAN-27560
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 475d9f49acd0e55bc0b089ed77f732ad18585470)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+CVE: CVE-2025-62231
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ xkb/xkb.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index b7877f5..4e585d1 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -2992,6 +2992,8 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+
++        if ((unsigned) (req->firstSI + req->nSI) > USHRT_MAX)
++            return BadValue;
+         if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+             compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+--
+2.40.0
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
index 9bc67f7761..362b110a0b 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
@@ -34,6 +34,7 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
            file://CVE-2025-62229.patch \
            file://CVE-2025-62230-0001.patch \
            file://CVE-2025-62230-0002.patch \
+           file://CVE-2025-62231.patch \
 "
 SRC_URI[sha256sum] = "33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90"
 
-- 
2.43.0

[OE-core][scarthgap 09/21] musl: patch CVE-2025-26519

[Steve Sakoman]

From: Gyorgy Sarvari <skandigraun@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26519

Pick the patches that are attached to the musl advisory:
https://www.openwall.com/lists/musl/2025/02/13/1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../musl/musl/CVE-2025-26519-1.patch          | 39 +++++++++++++++++++
 .../musl/musl/CVE-2025-26519-2.patch          | 38 ++++++++++++++++++
 meta/recipes-core/musl/musl_git.bb            |  4 +-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch

diff --git a/meta/recipes-core/musl/musl/CVE-2025-26519-1.patch b/meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
new file mode 100644
index 0000000000..5583c5f6cc
--- /dev/null
+++ b/meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
@@ -0,0 +1,39 @@
+From 8ebb2a68dfac02e7a83885587a9a5a203147ebbe Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 19 Nov 2025 13:23:38 +0100
+Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder
+
+as a result of incorrect bounds checking on the lead byte being
+decoded, certain invalid inputs which should produce an encoding
+error, such as "\xc8\x41", instead produced out-of-bounds loads from
+the ksc table.
+
+in a worst case, the loaded value may not be a valid unicode scalar
+value, in which case, if the output encoding was UTF-8, wctomb would
+return (size_t)-1, causing an overflow in the output pointer and
+remaining buffer size which could clobber memory outside of the output
+buffer.
+
+bug report was submitted in private by Nick Wellnhofer on account of
+potential security implications.
+
+CVE: CVE-2025-26519
+Upstream-Status: Backport [https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/locale/iconv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 3047c27b..1fb66bc8 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 			if (c >= 93 || d >= 94) {
+ 				c += (0xa1-0x81);
+ 				d += 0xa1;
+-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
++				if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
+ 					goto ilseq;
+ 				if (d-'A'<26) d = d-'A';
+ 				else if (d-'a'<26) d = d-'a'+26;
diff --git a/meta/recipes-core/musl/musl/CVE-2025-26519-2.patch b/meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
new file mode 100644
index 0000000000..7d193ab241
--- /dev/null
+++ b/meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
@@ -0,0 +1,38 @@
+From 7e7052e17e900194a588d337ff4a8e646133afed Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 19 Nov 2025 13:27:15 +0100
+Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
+ bugs
+
+the UTF-8 output code was written assuming an invariant that iconv's
+decoders only emit valid Unicode Scalar Values which wctomb can encode
+successfully, thereby always returning a value between 1 and 4.
+
+if this invariant is not satisfied, wctomb returns (size_t)-1, and the
+subsequent adjustments to the output buffer pointer and remaining
+output byte count overflow, moving the output position backwards,
+potentially past the beginning of the buffer, without storing any
+bytes.
+
+CVE: CVE-2025-26519
+Upstream-Status: Backport [https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/locale/iconv.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 1fb66bc8..fb1d3217 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 				if (*outb < k) goto toobig;
+ 				memcpy(*out, tmp, k);
+ 			} else k = wctomb_utf8(*out, c);
++			/* This failure condition should be unreachable, but
++			 * is included to prevent decoder bugs from translating
++			 * into advancement outside the output buffer range. */
++			if (k>4) goto ilseq;
+ 			*out += k;
+ 			*outb -= k;
+ 			break;
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index 324269a968..bc516b6183 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -14,7 +14,9 @@ SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \
            file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
            file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \
            file://0003-elf.h-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch \
-          "
+           file://CVE-2025-26519-1.patch \
+           file://CVE-2025-26519-2.patch \
+           "
 
 S = "${WORKDIR}/git"
 
-- 
2.43.0

[OE-core][scarthgap 10/21] rust-target-config: fix nativesdk-libstd-rs build with baremetal

[Steve Sakoman]

From: Ovidiu Panait <ovidiu.panait@windriver.com>

If TCLIBC='baremetal' is set in local.conf, nativesdk-libstd-rs build fails
with:

| error[E0412]: cannot find type `c_char` in the crate root
|   --> /usr/src/debug/libstd-rs/1.75.0/rustc-1.75.0-src/vendor/libc/src/unix/mod.rs:56:29
|    |
| 6  | pub type c_schar = i8;
|    | ---------------------- similarly named type alias `c_schar` defined here
| ...
| 56 |         pub gr_name: *mut ::c_char,
|    |                             ^^^^^^

This happens because rust_gen_target() sets os="none" when TCLIBC is
'baremetal' - even for nativesdk targets. However, nativesdk packages are
built against glibc, so the correct 'os' value should be "linux".

Fix this by setting the os field based on {TARGET,HOST,BUILD}_OS variables,
as it is already done in rust_base_triple(), instead of relying on TCLIBC.

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(master rev: 3eaf2cd5647585a1e6df03fc20e2753da27bb692) -- backport
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/rust-target-config.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes-recipe/rust-target-config.bbclass b/meta/classes-recipe/rust-target-config.bbclass
index 1bd7626bd8..31b4bd9afd 100644
--- a/meta/classes-recipe/rust-target-config.bbclass
+++ b/meta/classes-recipe/rust-target-config.bbclass
@@ -329,6 +329,7 @@ def rust_gen_target(d, thing, wd, arch):
     sys = d.getVar('{}_SYS'.format(thing))
     prefix = d.getVar('{}_PREFIX'.format(thing))
     rustsys = d.getVar('RUST_{}_SYS'.format(thing))
+    os = d.getVar('{}_OS'.format(thing))
 
     abi = None
     cpu = "generic"
@@ -368,7 +369,7 @@ def rust_gen_target(d, thing, wd, arch):
     tspec['target-c-int-width'] = d.getVarFlag('TARGET_C_INT_WIDTH', arch_abi)
     tspec['target-endian'] = d.getVarFlag('TARGET_ENDIAN', arch_abi)
     tspec['arch'] = arch_to_rust_target_arch(rust_arch)
-    if "baremetal" in d.getVar('TCLIBC'):
+    if "elf" in os:
         tspec['os'] = "none"
     else:
         tspec['os'] = "linux"
-- 
2.43.0

[OE-core][scarthgap 11/21] glslang: fix compiling with gcc15

[Steve Sakoman]

From: Gyorgy Sarvari <skandigraun@gmail.com>

Backport a patch that fixes a compilation failure with gcc15:

| .../git/SPIRV/SpvBuilder.h:238:30: error: ‘uint32_t’ has not been declared
|   238 |     Id makeDebugLexicalBlock(uint32_t line);
|       |                              ^~~~~~~~
| .../git/SPIRV/SpvBuilder.h:64:1: note: ‘uint32_t’ is defined in header ‘<cstdint>’; this is probably fixable by adding ‘#include <cstdint>’

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...uilder.h-add-missing-cstdint-include.patch | 30 +++++++++++++++++++
 .../glslang/glslang_1.3.275.0.bb              |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch

diff --git a/meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch b/meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch
new file mode 100644
index 0000000000..02b072c56a
--- /dev/null
+++ b/meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch
@@ -0,0 +1,30 @@
+From e40c14a3e007fac0e4f2e4164fdf14d1712355bd Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Fri, 2 Aug 2024 22:44:21 +0100
+Subject: [PATCH] SPIRV/SpvBuilder.h: add missing <cstdint> include
+
+Without the change `glslang` build fails on upcoming `gcc-15` as:
+
+    In file included from /build/source/SPIRV/GlslangToSpv.cpp:45:
+    SPIRV/SpvBuilder.h:248:30: error: 'uint32_t' has not been declared
+      248 |     Id makeDebugLexicalBlock(uint32_t line);
+          |                              ^~~~~~~~
+
+Upstream-Status: Backport [https://github.com/KhronosGroup/glslang/commit/e40c14a3e007fac0e4f2e4164fdf14d1712355bd]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ SPIRV/SpvBuilder.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/SPIRV/SpvBuilder.h b/SPIRV/SpvBuilder.h
+index b1ca6ce1..00b2e53a 100644
+--- a/SPIRV/SpvBuilder.h
++++ b/SPIRV/SpvBuilder.h
+@@ -56,6 +56,7 @@ namespace spv {
+ }
+ 
+ #include <algorithm>
++#include <cstdint>
+ #include <map>
+ #include <memory>
+ #include <set>
diff --git a/meta/recipes-graphics/glslang/glslang_1.3.275.0.bb b/meta/recipes-graphics/glslang/glslang_1.3.275.0.bb
index 2fd1e72a26..b688b3df48 100644
--- a/meta/recipes-graphics/glslang/glslang_1.3.275.0.bb
+++ b/meta/recipes-graphics/glslang/glslang_1.3.275.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3"
 SRCREV = "a91631b260cba3f22858d6c6827511e636c2458a"
 SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \
            file://0001-generate-glslang-pkg-config.patch \
+           file://0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch \
            "
 PE = "1"
 # These recipes need to be updated in lockstep with each other:
-- 
2.43.0

[OE-core][scarthgap 12/21] testsdk: allow user to specify which tests to run

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

Following the usage of TEST_SUITES in testimage, add TESTSDK_SUITES to
specify the list of tests to execute. By default the variable is empty,
which means to run all discovered tests.

This makes it easier to work on a single test without having to run all
of the tests.

(From OE-Core rev: 28d437c52c77889b2ede0fc2f2d6777c5b0a553d)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/testsdk.bbclass | 3 +++
 meta/lib/oeqa/sdk/testsdk.py        | 3 ++-
 meta/lib/oeqa/sdkext/testsdk.py     | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/classes-recipe/testsdk.bbclass b/meta/classes-recipe/testsdk.bbclass
index fd82e6ef41..59d2834c99 100644
--- a/meta/classes-recipe/testsdk.bbclass
+++ b/meta/classes-recipe/testsdk.bbclass
@@ -14,6 +14,9 @@
 #
 # where "<image-name>" is an image like core-image-sato.
 
+# List of test modules to run, or run all that can be found if unset
+TESTSDK_SUITES ?= ""
+
 TESTSDK_CLASS_NAME ?= "oeqa.sdk.testsdk.TestSDK"
 TESTSDKEXT_CLASS_NAME ?= "oeqa.sdkext.testsdk.TestSDKExt"
 
diff --git a/meta/lib/oeqa/sdk/testsdk.py b/meta/lib/oeqa/sdk/testsdk.py
index 518b09febb..52b702b6a2 100644
--- a/meta/lib/oeqa/sdk/testsdk.py
+++ b/meta/lib/oeqa/sdk/testsdk.py
@@ -114,7 +114,8 @@ class TestSDK(TestSDKBase):
                 host_pkg_manifest=host_pkg_manifest, **context_args)
 
             try:
-                tc.loadTests(self.context_executor_class.default_cases)
+                modules = (d.getVar("TESTSDK_SUITES") or "").split()
+                tc.loadTests(self.context_executor_class.default_cases, modules)
             except Exception as e:
                 import traceback
                 bb.fatal("Loading tests failed:\n%s" % traceback.format_exc())
diff --git a/meta/lib/oeqa/sdkext/testsdk.py b/meta/lib/oeqa/sdkext/testsdk.py
index 9d5a99d900..6dc23065a4 100644
--- a/meta/lib/oeqa/sdkext/testsdk.py
+++ b/meta/lib/oeqa/sdkext/testsdk.py
@@ -82,7 +82,8 @@ class TestSDKExt(TestSDKBase):
                 host_pkg_manifest=host_pkg_manifest)
 
             try:
-                tc.loadTests(OESDKExtTestContextExecutor.default_cases)
+                modules = (d.getVar("TESTSDK_SUITES") or "").split()
+                tc.loadTests(OESDKExtTestContextExecutor.default_cases, modules)
             except Exception as e:
                 import traceback
                 bb.fatal("Loading tests failed:\n%s" % traceback.format_exc())
-- 
2.43.0

[OE-core][scarthgap 13/21] oe/sdk: fix empty SDK manifests

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

The SDK manifests are generated by listing the sstate was that used, but
it hardcodes that the sstate data filenames end in .tgz.

This has not been the case since sstate switched to Zstd[1] in 2021,
which meant that all of the tests which checked for packages existing
were being skipped as the manifests were empty.  For example, see a
representative core-image-sato eSDK test run[2]:

RESULTS - cmake.CMakeTest.test_assimp: SKIPPED (0.00s)
RESULTS - gtk3.GTK3Test.test_galculator: SKIPPED (0.00s)
RESULTS - kmod.KernelModuleTest.test_cryptodev: SKIPPED (0.00s)
RESULTS - maturin.MaturinDevelopTest.test_maturin_develop: SKIPPED (0.00s)
RESULTS - maturin.MaturinTest.test_maturin_list_python: SKIPPED (0.00s)
RESULTS - meson.MesonTest.test_epoxy: SKIPPED (0.00s)
RESULTS - perl.PerlTest.test_perl: SKIPPED (0.00s)
RESULTS - python.Python3Test.test_python3: SKIPPED (0.00s)

All of those tests should have been ran.

Solve this by generalising the filename check so that it doesn't care
what specfic compression algorithm is used.

[1] oe-core 0710e98f40e ("sstate: Switch to ZStandard compressor support")
[2] https://autobuilder.yoctoproject.org/valkyrie/#/builders/16/builds/1517/steps/15/logs/stdio

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/sdk.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py
index 3dc3672210..588c74bb44 100644
--- a/meta/lib/oe/sdk.py
+++ b/meta/lib/oe/sdk.py
@@ -148,7 +148,8 @@ def get_extra_sdkinfo(sstate_dir):
     extra_info['filesizes'] = {}
     for root, _, files in os.walk(sstate_dir):
         for fn in files:
-            if fn.endswith('.tgz'):
+            # Note that this makes an assumption about the sstate filenames
+            if '.tar.' in fn and not fn.endswith('.siginfo'):
                 fsize = int(math.ceil(float(os.path.getsize(os.path.join(root, fn))) / 1024))
                 task = fn.rsplit(':',1)[1].split('_',1)[1].split(',')[0]
                 origtotal = extra_info['tasksizes'].get(task, 0)
-- 
2.43.0

[OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

Add a comment explaining what this function does and where the values
come from.

If the architecture isn't know, instead of returning an empty string
which could fail mysteriously, raise a KeyError so it fails quickly.

(From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/go.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
index dfd957d157..4559dc63b2 100644
--- a/meta/lib/oe/go.py
+++ b/meta/lib/oe/go.py
@@ -7,6 +7,10 @@
 import re
 
 def map_arch(a):
+    """
+    Map our architecture names to Go's GOARCH names.
+    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go for the complete list.
+    """
     if re.match('i.86', a):
         return '386'
     elif a == 'x86_64':
@@ -31,4 +35,4 @@ def map_arch(a):
         return 'riscv64'
     elif a == 'loongarch64':
         return 'loong64'
-    return ''
+    raise KeyError(f"Cannot map architecture {a}")
-- 
2.43.0

[OE-core][scarthgap 15/21] goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures

[Steve Sakoman]

From: Alexander Kanavin <alex@linutronix.de>

The default assignments look like this:
TARGET_GO386 = "${@go_map_386(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES'), d)}"

TUNE_FEATURES is a target-specific variable, and so should be used
only for target builds. The change is similar to what is already done
for native packages.

(From OE-Core rev: cfff8e968257c44880caa3605e158764ed5c6a2a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/goarch.bbclass | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/classes-recipe/goarch.bbclass b/meta/classes-recipe/goarch.bbclass
index 1ebe03864f..0e9ef3a6ec 100644
--- a/meta/classes-recipe/goarch.bbclass
+++ b/meta/classes-recipe/goarch.bbclass
@@ -24,6 +24,9 @@ TARGET_GOMIPS = "${@go_map_mips(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES
 TARGET_GOARM:class-native = "7"
 TARGET_GO386:class-native = "sse2"
 TARGET_GOMIPS:class-native = "hardfloat"
+TARGET_GOARM:class-crosssdk = "7"
+TARGET_GO386:class-crosssdk = "sse2"
+TARGET_GOMIPS:class-crosssdk = "hardfloat"
 TARGET_GOTUPLE = "${TARGET_GOOS}_${TARGET_GOARCH}"
 GO_BUILD_BINDIR = "${@['bin/${HOST_GOTUPLE}','bin'][d.getVar('BUILD_GOTUPLE') == d.getVar('HOST_GOTUPLE')]}"
 
-- 
2.43.0

[OE-core][scarthgap 16/21] go: add sdk test

[Steve Sakoman]

From: Osama Abdelkader <osama.abdelkader@gmail.com>

- Add meta/lib/oeqa/sdk/cases/go.py with GoCompileTest and GoHostCompileTest classes
- Test validates Go cross-compilation toolchain functionality
- Includes native compilation, cross-compilation, and Go module support
- Uses dynamic architecture detection for portability

(From OE-Core rev: 17015f692a6bf3697a89db51bbc4673a5efa1497)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/cases/go.py | 128 ++++++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)
 create mode 100644 meta/lib/oeqa/sdk/cases/go.py

diff --git a/meta/lib/oeqa/sdk/cases/go.py b/meta/lib/oeqa/sdk/cases/go.py
new file mode 100644
index 0000000000..9c15124f6a
--- /dev/null
+++ b/meta/lib/oeqa/sdk/cases/go.py
@@ -0,0 +1,128 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+import shutil
+import unittest
+
+from oeqa.core.utils.path import remove_safe
+from oeqa.sdk.case import OESDKTestCase
+
+from oeqa.utils.subprocesstweak import errors_have_output
+errors_have_output()
+
+class GoCompileTest(OESDKTestCase):
+    td_vars = ['MACHINE', 'TARGET_ARCH']
+
+    @classmethod
+    def setUpClass(self):
+        # Copy test.go file to SDK directory (same as GCC test uses files_dir)
+        shutil.copyfile(os.path.join(self.tc.files_dir, 'test.go'),
+                        os.path.join(self.tc.sdk_dir, 'test.go'))
+
+    def setUp(self):
+        target_arch = self.td.get("TARGET_ARCH")
+        # Check for go-cross-canadian package (uses target architecture)
+        if not self.tc.hasHostPackage("go-cross-canadian-%s" % target_arch):
+            raise unittest.SkipTest("GoCompileTest class: SDK doesn't contain a Go cross-canadian toolchain")
+
+        # Additional runtime check for go command availability
+        try:
+            self._run('which go')
+        except Exception as e:
+            raise unittest.SkipTest("GoCompileTest class: go command not available: %s" % str(e))
+
+    def test_go_build(self):
+        """Test Go build command (native compilation)"""
+        self._run('cd %s; go build -o test test.go' % self.tc.sdk_dir)
+
+    def test_go_module(self):
+        """Test Go module creation and building"""
+        # Create a simple Go module
+        self._run('cd %s; go mod init hello-go' % self.tc.sdk_dir)
+        self._run('cd %s; go build -o hello-go' % self.tc.sdk_dir)
+
+    @classmethod
+    def tearDownClass(self):
+        files = [os.path.join(self.tc.sdk_dir, f) \
+                for f in ['test.go', 'test', 'hello-go', 'go.mod', 'go.sum']]
+        for f in files:
+            remove_safe(f)
+
+class GoHostCompileTest(OESDKTestCase):
+    td_vars = ['MACHINE', 'SDK_SYS', 'TARGET_ARCH']
+
+    # Architecture mapping from Yocto/Poky to Go
+    ARCH_MAP = {
+        'aarch64': 'arm64',
+        'cortexa57': 'arm64',  # ARM Cortex-A57 is ARM64
+        'cortexa72': 'arm64',  # ARM Cortex-A72 is ARM64
+        'cortexa53': 'arm64',  # ARM Cortex-A53 is ARM64
+        'x86_64': 'amd64',
+        'i586': '386',
+        'i686': '386',
+        'mips': 'mips',
+        'mipsel': 'mipsle',
+        'powerpc64': 'ppc64',
+        'powerpc64le': 'ppc64le',
+        'riscv64': 'riscv64',
+    }
+
+    @classmethod
+    def setUpClass(self):
+        # Copy test.go file to SDK directory (same as GCC test uses files_dir)
+        shutil.copyfile(os.path.join(self.tc.files_dir, 'test.go'),
+                        os.path.join(self.tc.sdk_dir, 'test.go'))
+
+    def setUp(self):
+        target_arch = self.td.get("TARGET_ARCH")
+        # Check for go-cross-canadian package (uses target architecture)
+        if not self.tc.hasHostPackage("go-cross-canadian-%s" % target_arch):
+            raise unittest.SkipTest("GoHostCompileTest class: SDK doesn't contain a Go cross-canadian toolchain")
+
+        # Additional runtime check for go command availability
+        try:
+            self._run('which go')
+        except Exception as e:
+            raise unittest.SkipTest("GoHostCompileTest class: go command not available: %s" % str(e))
+
+    def _get_go_arch(self):
+        """Get Go architecture from SDK_SYS"""
+        sdksys = self.td.get("SDK_SYS")
+        arch = sdksys.split('-')[0]
+
+        # Handle ARM variants
+        if arch.startswith('arm'):
+            return 'arm'
+
+        # Use mapping for other architectures
+        return self.ARCH_MAP.get(arch, arch)
+
+    def test_go_cross_compile(self):
+        """Test Go cross-compilation for target"""
+        goarch = self._get_go_arch()
+        self._run('cd %s; GOOS=linux GOARCH=%s go build -o test-%s test.go' % (self.tc.sdk_dir, goarch, goarch))
+
+    def test_go_module_cross_compile(self):
+        """Test Go module cross-compilation"""
+        goarch = self._get_go_arch()
+        self._run('cd %s; go mod init hello-go' % self.tc.sdk_dir)
+        self._run('cd %s; GOOS=linux GOARCH=%s go build -o hello-go-%s' % (self.tc.sdk_dir, goarch, goarch))
+
+    @classmethod
+    def tearDownClass(self):
+        # Clean up files with dynamic architecture names
+        files = [os.path.join(self.tc.sdk_dir, f) \
+                for f in ['test.go', 'go.mod', 'go.sum']]
+        # Add architecture-specific files using the same mapping
+        for arch in self.ARCH_MAP.values():
+            files.extend([os.path.join(self.tc.sdk_dir, f) \
+                         for f in ['test-%s' % arch, 'hello-go-%s' % arch]])
+        # Add 'arm' for ARM variants
+        files.extend([os.path.join(self.tc.sdk_dir, f) \
+                     for f in ['test-arm', 'hello-go-arm']])
+        for f in files:
+            remove_safe(f)
-- 
2.43.0

[OE-core][scarthgap 17/21] go: extend runtime test

[Steve Sakoman]

From: Osama Abdelkader <osama.abdelkader@gmail.com>

extend go runtime test with a simple test file, and simple
go module test to validate go compilation and execution on
target.

(From OE-Core rev: e3b2b9170f76f4bbdc41ea6ba7bccffc17d01968)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/files/test.go       |  7 ++++
 meta/lib/oeqa/runtime/cases/go.py | 68 +++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 meta/lib/oeqa/files/test.go

diff --git a/meta/lib/oeqa/files/test.go b/meta/lib/oeqa/files/test.go
new file mode 100644
index 0000000000..9ca9302654
--- /dev/null
+++ b/meta/lib/oeqa/files/test.go
@@ -0,0 +1,7 @@
+package main
+
+import "fmt"
+
+func main() {
+	fmt.Println("Hello from Go!")
+}
diff --git a/meta/lib/oeqa/runtime/cases/go.py b/meta/lib/oeqa/runtime/cases/go.py
index 39a80f4dca..fc7959b5f4 100644
--- a/meta/lib/oeqa/runtime/cases/go.py
+++ b/meta/lib/oeqa/runtime/cases/go.py
@@ -4,10 +4,78 @@
 # SPDX-License-Identifier: MIT
 #
 
+import os
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
 from oeqa.runtime.decorator.package import OEHasPackage
 
+class GoCompileTest(OERuntimeTestCase):
+
+    @classmethod
+    def setUp(cls):
+        dst = '/tmp/'
+        src = os.path.join(cls.tc.files_dir, 'test.go')
+        cls.tc.target.copyTo(src, dst)
+
+    @classmethod
+    def tearDown(cls):
+        files = '/tmp/test.go /tmp/test'
+        cls.tc.target.run('rm %s' % files)
+        dirs = '/tmp/hello-go'
+        cls.tc.target.run('rm -r %s' % dirs)
+
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    @OEHasPackage('go')
+    @OEHasPackage('go-runtime')
+    @OEHasPackage('go-runtime-dev')
+    @OEHasPackage('openssh-scp')
+    def test_go_compile(self):
+        # Check if go is available
+        status, output = self.target.run('which go')
+        if status != 0:
+            self.skipTest('go command not found, output: %s' % output)
+
+        # Compile the simple Go program
+        status, output = self.target.run('go build -o /tmp/test /tmp/test.go')
+        msg = 'go compile failed, output: %s' % output
+        self.assertEqual(status, 0, msg=msg)
+
+        # Run the compiled program
+        status, output = self.target.run('/tmp/test')
+        msg = 'running compiled file failed, output: %s' % output
+        self.assertEqual(status, 0, msg=msg)
+
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    @OEHasPackage('go')
+    @OEHasPackage('go-runtime')
+    @OEHasPackage('go-runtime-dev')
+    @OEHasPackage('openssh-scp')
+    def test_go_module(self):
+        # Check if go is available
+        status, output = self.target.run('which go')
+        if status != 0:
+            self.skipTest('go command not found, output: %s' % output)
+
+        # Create a simple Go module
+        status, output = self.target.run('mkdir -p /tmp/hello-go')
+        msg = 'mkdir failed, output: %s' % output
+        self.assertEqual(status, 0, msg=msg)
+
+        # Copy the existing test.go file to the module
+        status, output = self.target.run('cp /tmp/test.go /tmp/hello-go/main.go')
+        msg = 'copying test.go failed, output: %s' % output
+        self.assertEqual(status, 0, msg=msg)
+
+        # Build the module
+        status, output = self.target.run('cd /tmp/hello-go && go build -o hello main.go')
+        msg = 'go build failed, output: %s' % output
+        self.assertEqual(status, 0, msg=msg)
+
+        # Run the module
+        status, output = self.target.run('cd /tmp/hello-go && ./hello')
+        msg = 'running go module failed, output: %s' % output
+        self.assertEqual(status, 0, msg=msg)
+
 class GoHelloworldTest(OERuntimeTestCase):
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     @OEHasPackage(['go-helloworld'])
-- 
2.43.0

[OE-core][scarthgap 18/21] go: remove duplicate arch map in sdk test

[Steve Sakoman]

From: Osama Abdelkader <osama.abdelkader@gmail.com>

ARCH_MAP is duplicating an existing map in meta/lib/oe/go.py
use oe.go map_arch instead.

(From OE-Core rev: c2ba36f41777d347fd5ffcd9b6862638e5f35a1b)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/cases/go.py | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/meta/lib/oeqa/sdk/cases/go.py b/meta/lib/oeqa/sdk/cases/go.py
index 9c15124f6a..a050df7a9f 100644
--- a/meta/lib/oeqa/sdk/cases/go.py
+++ b/meta/lib/oeqa/sdk/cases/go.py
@@ -12,6 +12,7 @@ from oeqa.core.utils.path import remove_safe
 from oeqa.sdk.case import OESDKTestCase
 
 from oeqa.utils.subprocesstweak import errors_have_output
+from oe.go import map_arch
 errors_have_output()
 
 class GoCompileTest(OESDKTestCase):
@@ -55,22 +56,6 @@ class GoCompileTest(OESDKTestCase):
 class GoHostCompileTest(OESDKTestCase):
     td_vars = ['MACHINE', 'SDK_SYS', 'TARGET_ARCH']
 
-    # Architecture mapping from Yocto/Poky to Go
-    ARCH_MAP = {
-        'aarch64': 'arm64',
-        'cortexa57': 'arm64',  # ARM Cortex-A57 is ARM64
-        'cortexa72': 'arm64',  # ARM Cortex-A72 is ARM64
-        'cortexa53': 'arm64',  # ARM Cortex-A53 is ARM64
-        'x86_64': 'amd64',
-        'i586': '386',
-        'i686': '386',
-        'mips': 'mips',
-        'mipsel': 'mipsle',
-        'powerpc64': 'ppc64',
-        'powerpc64le': 'ppc64le',
-        'riscv64': 'riscv64',
-    }
-
     @classmethod
     def setUpClass(self):
         # Copy test.go file to SDK directory (same as GCC test uses files_dir)
@@ -94,12 +79,8 @@ class GoHostCompileTest(OESDKTestCase):
         sdksys = self.td.get("SDK_SYS")
         arch = sdksys.split('-')[0]
 
-        # Handle ARM variants
-        if arch.startswith('arm'):
-            return 'arm'
-
         # Use mapping for other architectures
-        return self.ARCH_MAP.get(arch, arch)
+        return map_arch(arch)
 
     def test_go_cross_compile(self):
         """Test Go cross-compilation for target"""
@@ -117,12 +98,10 @@ class GoHostCompileTest(OESDKTestCase):
         # Clean up files with dynamic architecture names
         files = [os.path.join(self.tc.sdk_dir, f) \
                 for f in ['test.go', 'go.mod', 'go.sum']]
-        # Add architecture-specific files using the same mapping
-        for arch in self.ARCH_MAP.values():
+        # Add common architecture-specific files that might be created
+        common_archs = ['arm64', 'arm', 'amd64', '386', 'mips', 'mipsle', 'ppc64', 'ppc64le', 'riscv64']
+        for arch in common_archs:
             files.extend([os.path.join(self.tc.sdk_dir, f) \
                          for f in ['test-%s' % arch, 'hello-go-%s' % arch]])
-        # Add 'arm' for ARM variants
-        files.extend([os.path.join(self.tc.sdk_dir, f) \
-                     for f in ['test-arm', 'hello-go-arm']])
         for f in files:
             remove_safe(f)
-- 
2.43.0

[OE-core][scarthgap 19/21] oeqa: fix package detection in go sdk tests

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

The test are skipped if architecture contains dash because TARGET_ARCH
contains underscore while package name contains dash. Here the
translation needs to be done.

Note that poky distro default arch has dash:
MACHINE="qemux86-64"
TARGET_ARCH="x86_64"
ERROR: Nothing PROVIDES 'go-cross-canadian-x86_64'. Close matches:
  gcc-cross-canadian-x86-64
  gdb-cross-canadian-x86-64
  go-cross-canadian-x86-64
TRANSLATED_TARGET_ARCH="x86-64"

Quoting meta/classes-recipe/cross-canadian.bbclass:
TRANSLATED_TARGET_ARCH is added into PN

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/cases/go.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/lib/oeqa/sdk/cases/go.py b/meta/lib/oeqa/sdk/cases/go.py
index a050df7a9f..693be89e1d 100644
--- a/meta/lib/oeqa/sdk/cases/go.py
+++ b/meta/lib/oeqa/sdk/cases/go.py
@@ -25,9 +25,9 @@ class GoCompileTest(OESDKTestCase):
                         os.path.join(self.tc.sdk_dir, 'test.go'))
 
     def setUp(self):
-        target_arch = self.td.get("TARGET_ARCH")
+        translated_target_arch = self.td.get("TRANSLATED_TARGET_ARCH")
         # Check for go-cross-canadian package (uses target architecture)
-        if not self.tc.hasHostPackage("go-cross-canadian-%s" % target_arch):
+        if not self.tc.hasHostPackage("go-cross-canadian-%s" % translated_target_arch):
             raise unittest.SkipTest("GoCompileTest class: SDK doesn't contain a Go cross-canadian toolchain")
 
         # Additional runtime check for go command availability
@@ -63,9 +63,9 @@ class GoHostCompileTest(OESDKTestCase):
                         os.path.join(self.tc.sdk_dir, 'test.go'))
 
     def setUp(self):
-        target_arch = self.td.get("TARGET_ARCH")
+        translated_target_arch = self.td.get("TRANSLATED_TARGET_ARCH")
         # Check for go-cross-canadian package (uses target architecture)
-        if not self.tc.hasHostPackage("go-cross-canadian-%s" % target_arch):
+        if not self.tc.hasHostPackage("go-cross-canadian-%s" % translated_target_arch):
             raise unittest.SkipTest("GoHostCompileTest class: SDK doesn't contain a Go cross-canadian toolchain")
 
         # Additional runtime check for go command availability
-- 
2.43.0

[OE-core][scarthgap 20/21] oeqa: drop unnecessary dependency from go runtime tests

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

The tests do not use scp command, so openssh-scp is not needed.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/go.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/go.py b/meta/lib/oeqa/runtime/cases/go.py
index fc7959b5f4..d4b69438a5 100644
--- a/meta/lib/oeqa/runtime/cases/go.py
+++ b/meta/lib/oeqa/runtime/cases/go.py
@@ -28,7 +28,6 @@ class GoCompileTest(OERuntimeTestCase):
     @OEHasPackage('go')
     @OEHasPackage('go-runtime')
     @OEHasPackage('go-runtime-dev')
-    @OEHasPackage('openssh-scp')
     def test_go_compile(self):
         # Check if go is available
         status, output = self.target.run('which go')
@@ -49,7 +48,6 @@ class GoCompileTest(OERuntimeTestCase):
     @OEHasPackage('go')
     @OEHasPackage('go-runtime')
     @OEHasPackage('go-runtime-dev')
-    @OEHasPackage('openssh-scp')
     def test_go_module(self):
         # Check if go is available
         status, output = self.target.run('which go')
-- 
2.43.0

[OE-core][scarthgap 21/21] oeqa/sdk/buildepoxy: skip test in eSDK

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Currently meson inside eSDKs only works with fully populated eSDKs,
but our testing uses minimal eSDKS, so skip the test if the eSDK is a
minimal build.  A bug has been filed to resolve this.

This is minimal change extracted from OE-Core commit which has this only
as a minor comment: 575e0bf52db0467d88af4b5fe467b682f10ca62a

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/cases/buildepoxy.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py
index 5b9c36fcec..2f21210c79 100644
--- a/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -10,6 +10,7 @@ import tempfile
 import unittest
 
 from oeqa.sdk.case import OESDKTestCase
+from oeqa.sdkext.context import OESDKExtTestContext
 from oeqa.utils.subprocesstweak import errors_have_output
 errors_have_output()
 
@@ -22,6 +23,9 @@ class EpoxyTest(OESDKTestCase):
         if libc in [ 'newlib' ]:
             raise unittest.SkipTest("MesonTest class: SDK doesn't contain a supported C library")
 
+        if isinstance(self.tc, OESDKExtTestContext):
+            self.skipTest(f"{self.id()} does not support eSDK (https://bugzilla.yoctoproject.org/show_bug.cgi?id=15854)")
+
         if not (self.tc.hasHostPackage("nativesdk-meson") or
                 self.tc.hasHostPackage("meson-native")):
             raise unittest.SkipTest("EpoxyTest class: SDK doesn't contain Meson")
-- 
2.43.0

Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Mark Hatle]

This patch breaks Microblaze for me.

Microblazeel is not in the list of course, but go doesn't support this architecture.

During parsing of various things, instead of the component not being available I 
now get many many lines similar to:

WARNING: <recipe>: Exception during build_dependencies for GOARCH
WARNING: <recipe>: Error during finalize of <multiconfig>
ERROR: ExpansionError during parsing <recipe>
bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH, expression was 
${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception KeyError: 
'Cannot map architecture microblazeel'
The variable dependency chain for the failure is: TARGET_GOARCH -> GOARCH

(at which point parsing stops)

I see no obvious way here to add an architecture that OE/Poky does not support, 
which now makes this a hard error for any architecture not supported by the core 
of OE and/or go.  (in the case of microblaze, rust and go are likely to never be 
supported.  So there has to be a way for me to avoid the parse error in these 
cases.)

On 11/22/25 4:14 PM, Steve Sakoman wrote:
> From: Ross Burton <ross.burton@arm.com>
> 
> Add a comment explaining what this function does and where the values
> come from.
> 
> If the architecture isn't know, instead of returning an empty string
> which could fail mysteriously, raise a KeyError so it fails quickly.
> 
> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
> 
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>   meta/lib/oe/go.py | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
> index dfd957d157..4559dc63b2 100644
> --- a/meta/lib/oe/go.py
> +++ b/meta/lib/oe/go.py
> @@ -7,6 +7,10 @@
>   import re
>   
>   def map_arch(a):
> +    """
> +    Map our architecture names to Go's GOARCH names.
> +    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go for the complete list.
> +    """
>       if re.match('i.86', a):
>           return '386'
>       elif a == 'x86_64':
> @@ -31,4 +35,4 @@ def map_arch(a):
>           return 'riscv64'
>       elif a == 'loongarch64':
>           return 'loong64'
> -    return ''
> +    raise KeyError(f"Cannot map architecture {a}")
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#226712): https://lists.openembedded.org/g/openembedded-core/message/226712
> Mute This Topic: https://lists.openembedded.org/mt/116430143/3616948
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mark.hatle@kernel.crashing.org]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Mark Hatle]

I have a possible workaround, for microblaze, for this.

Basically it's to force include a class that does:

python __anonymous() {
     if bb.data.inherits_class('goarch', d):
         if d.getVar('TARGET_ARCH') in ['microblaze', 'microblazeel', 
'microblazeeb']:
             raise bb.parse.SkipRecipe("Go does not support microblaze.")
}

On 11/26/25 6:40 PM, Mark Hatle wrote:
> This patch breaks Microblaze for me.
> 
> Microblazeel is not in the list of course, but go doesn't support this architecture.
> 
> During parsing of various things, instead of the component not being available I
> now get many many lines similar to:
> 
> WARNING: <recipe>: Exception during build_dependencies for GOARCH
> WARNING: <recipe>: Error during finalize of <multiconfig>
> ERROR: ExpansionError during parsing <recipe>
> bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH, expression was
> ${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception KeyError:
> 'Cannot map architecture microblazeel'
> The variable dependency chain for the failure is: TARGET_GOARCH -> GOARCH
> 
> (at which point parsing stops)
> 
> I see no obvious way here to add an architecture that OE/Poky does not support,
> which now makes this a hard error for any architecture not supported by the core
> of OE and/or go.  (in the case of microblaze, rust and go are likely to never be
> supported.  So there has to be a way for me to avoid the parse error in these
> cases.)
> 
> On 11/22/25 4:14 PM, Steve Sakoman wrote:
>> From: Ross Burton <ross.burton@arm.com>
>>
>> Add a comment explaining what this function does and where the values
>> come from.
>>
>> If the architecture isn't know, instead of returning an empty string
>> which could fail mysteriously, raise a KeyError so it fails quickly.
>>
>> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
>>
>> Signed-off-by: Ross Burton <ross.burton@arm.com>
>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>> Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>>    meta/lib/oe/go.py | 6 +++++-
>>    1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
>> index dfd957d157..4559dc63b2 100644
>> --- a/meta/lib/oe/go.py
>> +++ b/meta/lib/oe/go.py
>> @@ -7,6 +7,10 @@
>>    import re
>>    
>>    def map_arch(a):
>> +    """
>> +    Map our architecture names to Go's GOARCH names.
>> +    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go for the complete list.
>> +    """
>>        if re.match('i.86', a):
>>            return '386'
>>        elif a == 'x86_64':
>> @@ -31,4 +35,4 @@ def map_arch(a):
>>            return 'riscv64'
>>        elif a == 'loongarch64':
>>            return 'loong64'
>> -    return ''
>> +    raise KeyError(f"Cannot map architecture {a}")
>>
>>
>>
>>
>>
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#226817): https://lists.openembedded.org/g/openembedded-core/message/226817
>> Mute This Topic: https://lists.openembedded.org/mt/116430143/3616948
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mark.hatle@kernel.crashing.org]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>

RE: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Peter Kjellerstedt]

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Mark Hatle
> Sent: den 27 november 2025 02:02
> To: Steve Sakoman <steve@sakoman.com>; openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture
> 
> I have a possible workaround, for microblaze, for this.
> 
> Basically it's to force include a class that does:
> 
> python __anonymous() {
>      if bb.data.inherits_class('goarch', d):
>          if d.getVar('TARGET_ARCH') in ['microblaze', 'microblazeel', 'microblazeeb']:
>              raise bb.parse.SkipRecipe("Go does not support microblaze.")
> }

What if you make the map_arch() function raise bb.parse.SkipRecipe rather 
than KeyError? Wouldn't that achieve the same without having to hardcode 
a solution for each architecture that is not supported by Go?

//Peter

> On 11/26/25 6:40 PM, Mark Hatle wrote:
> > This patch breaks Microblaze for me.
> >
> > Microblazeel is not in the list of course, but go doesn't support this architecture.
> >
> > During parsing of various things, instead of the component not being available I
> > now get many many lines similar to:
> >
> > WARNING: <recipe>: Exception during build_dependencies for GOARCH
> > WARNING: <recipe>: Error during finalize of <multiconfig>
> > ERROR: ExpansionError during parsing <recipe>
> > bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH, expression was
> > ${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception KeyError:
> > 'Cannot map architecture microblazeel'
> > The variable dependency chain for the failure is: TARGET_GOARCH -> GOARCH
> >
> > (at which point parsing stops)
> >
> > I see no obvious way here to add an architecture that OE/Poky does not support,
> > which now makes this a hard error for any architecture not supported by the core
> > of OE and/or go.  (in the case of microblaze, rust and go are likely to never be
> > supported.  So there has to be a way for me to avoid the parse error in these
> > cases.)
> >
> > On 11/22/25 4:14 PM, Steve Sakoman wrote:
> >> From: Ross Burton <ross.burton@arm.com>
> >>
> >> Add a comment explaining what this function does and where the values
> >> come from.
> >>
> >> If the architecture isn't know, instead of returning an empty string
> >> which could fail mysteriously, raise a KeyError so it fails quickly.
> >>
> >> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
> >>
> >> Signed-off-by: Ross Burton <ross.burton@arm.com>
> >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> >> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> >> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >> ---
> >>    meta/lib/oe/go.py | 6 +++++-
> >>    1 file changed, 5 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
> >> index dfd957d157..4559dc63b2 100644
> >> --- a/meta/lib/oe/go.py
> >> +++ b/meta/lib/oe/go.py
> >> @@ -7,6 +7,10 @@
> >>    import re
> >>
> >>    def map_arch(a):
> >> +    """
> >> +    Map our architecture names to Go's GOARCH names.
> >> +    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go for the complete list.
> >> +    """
> >>        if re.match('i.86', a):
> >>            return '386'
> >>        elif a == 'x86_64':
> >> @@ -31,4 +35,4 @@ def map_arch(a):
> >>            return 'riscv64'
> >>        elif a == 'loongarch64':
> >>            return 'loong64'
> >> -    return ''
> >> +    raise KeyError(f"Cannot map architecture {a}")

RE: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Marko, Peter]

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Mark Hatle
> Sent: Thursday, November 27, 2025 2:02
> To: Steve Sakoman <steve@sakoman.com>; openembedded-
> core@lists.openembedded.org
> Subject: Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise
> an error on unknown architecture
> 
> I have a possible workaround, for microblaze, for this.
> 
> Basically it's to force include a class that does:
> 
> python __anonymous() {
>      if bb.data.inherits_class('goarch', d):
>          if d.getVar('TARGET_ARCH') in ['microblaze', 'microblazeel',
> 'microblazeeb']:
>              raise bb.parse.SkipRecipe("Go does not support microblaze.")
> }
> 
> On 11/26/25 6:40 PM, Mark Hatle wrote:
> > This patch breaks Microblaze for me.
> >
> > Microblazeel is not in the list of course, but go doesn't support this architecture.
> >
> > During parsing of various things, instead of the component not being available I
> > now get many many lines similar to:
> >
> > WARNING: <recipe>: Exception during build_dependencies for GOARCH
> > WARNING: <recipe>: Error during finalize of <multiconfig>
> > ERROR: ExpansionError during parsing <recipe>
> > bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH,
> expression was
> > ${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception
> KeyError:
> > 'Cannot map architecture microblazeel'
> > The variable dependency chain for the failure is: TARGET_GOARCH -> GOARCH
> >
> > (at which point parsing stops)
> >
> > I see no obvious way here to add an architecture that OE/Poky does not
> support,
> > which now makes this a hard error for any architecture not supported by the core
> > of OE and/or go.  (in the case of microblaze, rust and go are likely to never be
> > supported.  So there has to be a way for me to avoid the parse error in these
> > cases.)

OK, that's unfortunate.

However this is something that needed a review when pushed to master branch half a year ago.
This backport then just means you see it half a year ahead of migrating to new LTS release.

Possibly submit a revert or other adaptation to master branch and we can backport it then to scarthgap .

Peter

> >
> > On 11/22/25 4:14 PM, Steve Sakoman wrote:
> >> From: Ross Burton <ross.burton@arm.com>
> >>
> >> Add a comment explaining what this function does and where the values
> >> come from.
> >>
> >> If the architecture isn't know, instead of returning an empty string
> >> which could fail mysteriously, raise a KeyError so it fails quickly.
> >>
> >> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
> >>
> >> Signed-off-by: Ross Burton <ross.burton@arm.com>
> >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> >> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> >> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >> ---
> >>    meta/lib/oe/go.py | 6 +++++-
> >>    1 file changed, 5 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
> >> index dfd957d157..4559dc63b2 100644
> >> --- a/meta/lib/oe/go.py
> >> +++ b/meta/lib/oe/go.py
> >> @@ -7,6 +7,10 @@
> >>    import re
> >>
> >>    def map_arch(a):
> >> +    """
> >> +    Map our architecture names to Go's GOARCH names.
> >> +    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go
> for the complete list.
> >> +    """
> >>        if re.match('i.86', a):
> >>            return '386'
> >>        elif a == 'x86_64':
> >> @@ -31,4 +35,4 @@ def map_arch(a):
> >>            return 'riscv64'
> >>        elif a == 'loongarch64':
> >>            return 'loong64'
> >> -    return ''
> >> +    raise KeyError(f"Cannot map architecture {a}")
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>

Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Mark Hatle]

On 11/26/25 10:45 PM, Peter Kjellerstedt via lists.openembedded.org wrote:
>> -----Original Message-----
>> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Mark Hatle
>> Sent: den 27 november 2025 02:02
>> To: Steve Sakoman <steve@sakoman.com>; openembedded-core@lists.openembedded.org
>> Subject: Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture
>>
>> I have a possible workaround, for microblaze, for this.
>>
>> Basically it's to force include a class that does:
>>
>> python __anonymous() {
>>       if bb.data.inherits_class('goarch', d):
>>           if d.getVar('TARGET_ARCH') in ['microblaze', 'microblazeel', 'microblazeeb']:
>>               raise bb.parse.SkipRecipe("Go does not support microblaze.")
>> }
> 
> What if you make the map_arch() function raise bb.parse.SkipRecipe rather
> than KeyError? Wouldn't that achieve the same without having to hardcode
> a solution for each architecture that is not supported by Go?

_I_ can't make map_arch raise skiprecipe because it's part of oe-core and there 
is no easy way to override it in a layer.

But with that, said, raising an exception in map_arch() of KeyError really feels 
anti-social.  Changing THAT exception to a SkipRecipe would make a lot more 
sense and prevent anyone from using go that wasn't supported.

Alternatively the caller of map_arch could catch the key error and raise the 
skiprecipe with an appropriate message as well.

I have a similar chunk like that anonymous python for rust for a similar reason. 
  That might be another candidate to do some sort of automatic raise if it's 
unsupported.

In any case, I think there are really two issues here.

1) Raising KeyError is antisocial to architectures that are out of tree and 
don't support go.

2) There should be a way for out of tree architectures to _easily_ add 
themselves to the arch list, should they be supported by go.

--Mark

> //Peter
> 
>> On 11/26/25 6:40 PM, Mark Hatle wrote:
>>> This patch breaks Microblaze for me.
>>>
>>> Microblazeel is not in the list of course, but go doesn't support this architecture.
>>>
>>> During parsing of various things, instead of the component not being available I
>>> now get many many lines similar to:
>>>
>>> WARNING: <recipe>: Exception during build_dependencies for GOARCH
>>> WARNING: <recipe>: Error during finalize of <multiconfig>
>>> ERROR: ExpansionError during parsing <recipe>
>>> bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH, expression was
>>> ${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception KeyError:
>>> 'Cannot map architecture microblazeel'
>>> The variable dependency chain for the failure is: TARGET_GOARCH -> GOARCH
>>>
>>> (at which point parsing stops)
>>>
>>> I see no obvious way here to add an architecture that OE/Poky does not support,
>>> which now makes this a hard error for any architecture not supported by the core
>>> of OE and/or go.  (in the case of microblaze, rust and go are likely to never be
>>> supported.  So there has to be a way for me to avoid the parse error in these
>>> cases.)
>>>
>>> On 11/22/25 4:14 PM, Steve Sakoman wrote:
>>>> From: Ross Burton <ross.burton@arm.com>
>>>>
>>>> Add a comment explaining what this function does and where the values
>>>> come from.
>>>>
>>>> If the architecture isn't know, instead of returning an empty string
>>>> which could fail mysteriously, raise a KeyError so it fails quickly.
>>>>
>>>> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
>>>>
>>>> Signed-off-by: Ross Burton <ross.burton@arm.com>
>>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>>>> Signed-off-by: Peter Marko <peter.marko@siemens.com>
>>>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>>>> ---
>>>>     meta/lib/oe/go.py | 6 +++++-
>>>>     1 file changed, 5 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
>>>> index dfd957d157..4559dc63b2 100644
>>>> --- a/meta/lib/oe/go.py
>>>> +++ b/meta/lib/oe/go.py
>>>> @@ -7,6 +7,10 @@
>>>>     import re
>>>>
>>>>     def map_arch(a):
>>>> +    """
>>>> +    Map our architecture names to Go's GOARCH names.
>>>> +    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go for the complete list.
>>>> +    """
>>>>         if re.match('i.86', a):
>>>>             return '386'
>>>>         elif a == 'x86_64':
>>>> @@ -31,4 +35,4 @@ def map_arch(a):
>>>>             return 'riscv64'
>>>>         elif a == 'loongarch64':
>>>>             return 'loong64'
>>>> -    return ''
>>>> +    raise KeyError(f"Cannot map architecture {a}")
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#226826): https://lists.openembedded.org/g/openembedded-core/message/226826
> Mute This Topic: https://lists.openembedded.org/mt/116430143/3616948
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mark.hatle@kernel.crashing.org]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Mark Hatle]

On 11/27/25 1:00 AM, Peter Marko via lists.openembedded.org wrote:
> 
> 
>> -----Original Message-----
>> From: openembedded-core@lists.openembedded.org <openembedded-
>> core@lists.openembedded.org> On Behalf Of Mark Hatle
>> Sent: Thursday, November 27, 2025 2:02
>> To: Steve Sakoman <steve@sakoman.com>; openembedded-
>> core@lists.openembedded.org
>> Subject: Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise
>> an error on unknown architecture
>>
>> I have a possible workaround, for microblaze, for this.
>>
>> Basically it's to force include a class that does:
>>
>> python __anonymous() {
>>       if bb.data.inherits_class('goarch', d):
>>           if d.getVar('TARGET_ARCH') in ['microblaze', 'microblazeel',
>> 'microblazeeb']:
>>               raise bb.parse.SkipRecipe("Go does not support microblaze.")
>> }
>>
>> On 11/26/25 6:40 PM, Mark Hatle wrote:
>>> This patch breaks Microblaze for me.
>>>
>>> Microblazeel is not in the list of course, but go doesn't support this architecture.
>>>
>>> During parsing of various things, instead of the component not being available I
>>> now get many many lines similar to:
>>>
>>> WARNING: <recipe>: Exception during build_dependencies for GOARCH
>>> WARNING: <recipe>: Error during finalize of <multiconfig>
>>> ERROR: ExpansionError during parsing <recipe>
>>> bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH,
>> expression was
>>> ${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception
>> KeyError:
>>> 'Cannot map architecture microblazeel'
>>> The variable dependency chain for the failure is: TARGET_GOARCH -> GOARCH
>>>
>>> (at which point parsing stops)
>>>
>>> I see no obvious way here to add an architecture that OE/Poky does not
>> support,
>>> which now makes this a hard error for any architecture not supported by the core
>>> of OE and/or go.  (in the case of microblaze, rust and go are likely to never be
>>> supported.  So there has to be a way for me to avoid the parse error in these
>>> cases.)
> 
> OK, that's unfortunate.
> 
> However this is something that needed a review when pushed to master branch half a year ago.
> This backport then just means you see it half a year ahead of migrating to new LTS release.
> 
> Possibly submit a revert or other adaptation to master branch and we can backport it then to scarthgap .

I do NOT believe this should be reverted in master.  Master is different then 
scarthgap, and per my other reply to Peter Kjellerstedt I think it should be 
adjusted.  I'm willing to try to suggest the adjustments to master.

It's scarthgap that I think this should be reverted.  It's a change in behavior 
from prior scarthgap and absolutely broke my existing (functional) layer.  With 
that said, I have a 'workaround' for it, but it's going to take me time to QA 
everything and get it in for my scarthgap users.

My objection is to changing system behavior in the LTS, nothing more in this case.

--Mark

> Peter
> 
>>>
>>> On 11/22/25 4:14 PM, Steve Sakoman wrote:
>>>> From: Ross Burton <ross.burton@arm.com>
>>>>
>>>> Add a comment explaining what this function does and where the values
>>>> come from.
>>>>
>>>> If the architecture isn't know, instead of returning an empty string
>>>> which could fail mysteriously, raise a KeyError so it fails quickly.
>>>>
>>>> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
>>>>
>>>> Signed-off-by: Ross Burton <ross.burton@arm.com>
>>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>>>> Signed-off-by: Peter Marko <peter.marko@siemens.com>
>>>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>>>> ---
>>>>     meta/lib/oe/go.py | 6 +++++-
>>>>     1 file changed, 5 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
>>>> index dfd957d157..4559dc63b2 100644
>>>> --- a/meta/lib/oe/go.py
>>>> +++ b/meta/lib/oe/go.py
>>>> @@ -7,6 +7,10 @@
>>>>     import re
>>>>
>>>>     def map_arch(a):
>>>> +    """
>>>> +    Map our architecture names to Go's GOARCH names.
>>>> +    See https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go
>> for the complete list.
>>>> +    """
>>>>         if re.match('i.86', a):
>>>>             return '386'
>>>>         elif a == 'x86_64':
>>>> @@ -31,4 +35,4 @@ def map_arch(a):
>>>>             return 'riscv64'
>>>>         elif a == 'loongarch64':
>>>>             return 'loong64'
>>>> -    return ''
>>>> +    raise KeyError(f"Cannot map architecture {a}")
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>> Links: You receive all messages sent to this group.
>>>> View/Reply Online (#226827): https://lists.openembedded.org/g/openembedded-core/message/226827
>>>> Mute This Topic: https://lists.openembedded.org/mt/116430143/3616948
>>>> Group Owner: openembedded-core+owner@lists.openembedded.org
>>>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mark.hatle@kernel.crashing.org]
>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>>

RE: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise an error on unknown architecture

[Marko, Peter]

> -----Original Message-----
> From: Mark Hatle <mark.hatle@kernel.crashing.org>
> Sent: Thursday, November 27, 2025 16:52
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>; Steve
> Sakoman <steve@sakoman.com>; openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and raise
> an error on unknown architecture
> 
> 
> 
> On 11/27/25 1:00 AM, Peter Marko via lists.openembedded.org wrote:
> >
> >
> >> -----Original Message-----
> >> From: openembedded-core@lists.openembedded.org <openembedded-
> >> core@lists.openembedded.org> On Behalf Of Mark Hatle
> >> Sent: Thursday, November 27, 2025 2:02
> >> To: Steve Sakoman <steve@sakoman.com>; openembedded-
> >> core@lists.openembedded.org
> >> Subject: Re: [OE-core][scarthgap 14/21] lib/oe/go: document map_arch, and
> raise
> >> an error on unknown architecture
> >>
> >> I have a possible workaround, for microblaze, for this.
> >>
> >> Basically it's to force include a class that does:
> >>
> >> python __anonymous() {
> >>       if bb.data.inherits_class('goarch', d):
> >>           if d.getVar('TARGET_ARCH') in ['microblaze', 'microblazeel',
> >> 'microblazeeb']:
> >>               raise bb.parse.SkipRecipe("Go does not support microblaze.")
> >> }
> >>
> >> On 11/26/25 6:40 PM, Mark Hatle wrote:
> >>> This patch breaks Microblaze for me.
> >>>
> >>> Microblazeel is not in the list of course, but go doesn't support this
> architecture.
> >>>
> >>> During parsing of various things, instead of the component not being
> available I
> >>> now get many many lines similar to:
> >>>
> >>> WARNING: <recipe>: Exception during build_dependencies for GOARCH
> >>> WARNING: <recipe>: Error during finalize of <multiconfig>
> >>> ERROR: ExpansionError during parsing <recipe>
> >>> bb.data_smart.ExceptionError: Failure expanding TARGET_GOARCH,
> >> expression was
> >>> ${go_map_arch(d.getVar('TARGET_ARCH'), d)} which triggered exception
> >> KeyError:
> >>> 'Cannot map architecture microblazeel'
> >>> The variable dependency chain for the failure is: TARGET_GOARCH ->
> GOARCH
> >>>
> >>> (at which point parsing stops)
> >>>
> >>> I see no obvious way here to add an architecture that OE/Poky does not
> >> support,
> >>> which now makes this a hard error for any architecture not supported by the
> core
> >>> of OE and/or go.  (in the case of microblaze, rust and go are likely to never
> be
> >>> supported.  So there has to be a way for me to avoid the parse error in these
> >>> cases.)
> >
> > OK, that's unfortunate.
> >
> > However this is something that needed a review when pushed to master branch
> half a year ago.
> > This backport then just means you see it half a year ahead of migrating to new
> LTS release.
> >
> > Possibly submit a revert or other adaptation to master branch and we can
> backport it then to scarthgap .
> 
> I do NOT believe this should be reverted in master.  Master is different then
> scarthgap, and per my other reply to Peter Kjellerstedt I think it should be
> adjusted.  I'm willing to try to suggest the adjustments to master.
> 
> It's scarthgap that I think this should be reverted.  It's a change in behavior
> from prior scarthgap and absolutely broke my existing (functional) layer.  With
> that said, I have a 'workaround' for it, but it's going to take me time to QA
> everything and get it in for my scarthgap users.
> 
> My objection is to changing system behavior in the LTS, nothing more in this
> case.

OK, no problem, I don’t insist on this commit to be present in scarthgap, I need the other ones from tat series for proper golang testing.
Feel free to send a revert commit.

Peter

> 
> --Mark
> 
> > Peter
> >
> >>>
> >>> On 11/22/25 4:14 PM, Steve Sakoman wrote:
> >>>> From: Ross Burton <ross.burton@arm.com>
> >>>>
> >>>> Add a comment explaining what this function does and where the values
> >>>> come from.
> >>>>
> >>>> If the architecture isn't know, instead of returning an empty string
> >>>> which could fail mysteriously, raise a KeyError so it fails quickly.
> >>>>
> >>>> (From OE-Core rev: 025414c16319b068df1cd757ad9a3c987a6b871d)
> >>>>
> >>>> Signed-off-by: Ross Burton <ross.burton@arm.com>
> >>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> >>>> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> >>>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >>>> ---
> >>>>     meta/lib/oe/go.py | 6 +++++-
> >>>>     1 file changed, 5 insertions(+), 1 deletion(-)
> >>>>
> >>>> diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
> >>>> index dfd957d157..4559dc63b2 100644
> >>>> --- a/meta/lib/oe/go.py
> >>>> +++ b/meta/lib/oe/go.py
> >>>> @@ -7,6 +7,10 @@
> >>>>     import re
> >>>>
> >>>>     def map_arch(a):
> >>>> +    """
> >>>> +    Map our architecture names to Go's GOARCH names.
> >>>> +    See
> https://github.com/golang/go/blob/master/src/internal/syslist/syslist.go
> >> for the complete list.
> >>>> +    """
> >>>>         if re.match('i.86', a):
> >>>>             return '386'
> >>>>         elif a == 'x86_64':
> >>>> @@ -31,4 +35,4 @@ def map_arch(a):
> >>>>             return 'riscv64'
> >>>>         elif a == 'loongarch64':
> >>>>             return 'loong64'
> >>>> -    return ''
> >>>> +    raise KeyError(f"Cannot map architecture {a}")
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>> Links: You receive all messages sent to this group.
> >>>> View/Reply Online (#226827):
> https://lists.openembedded.org/g/openembedded-core/message/226827
> >>>> Mute This Topic: https://lists.openembedded.org/mt/116430143/3616948
> >>>> Group Owner: openembedded-core+owner@lists.openembedded.org
> >>>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
> [mark.hatle@kernel.crashing.org]
> >>>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>>