* [OE-core][whinlatter 00/47] Patch review
@ 2026-04-16 6:47 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 01/47] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed Yoann Congal
` (47 more replies)
0 siblings, 48 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for whinlatter and have comments back by
end of day Sunday, April 19. I plan to do the release build on Monday.
This is a relatively "big" series compared to the usual: In addition to
the usual CVE fixes, there are:
- "git://" protocol patches
- Ubunutu 26.04 support patches (Host glibc 2.43 and GCC 16)
Please note: This will be the last review cycle for whinlatter.
If you expect a patch to get merged and it is not in this series ping
me as soon as possible.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3670
The following changes since commit e8a3acb03d4c466cd08e358953df15746cb5aaca:
vim: Fix CVE-2026-26269 (2026-04-02 00:08:06 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-nut
for you to fetch changes up to dc0dd419fb43968426d342b1d84d0204001cd39f:
scripts/install-buildtools: Update to 5.3.3 (2026-04-15 23:07:17 +0000)
----------------------------------------------------------------
Adarsh Jagadish Kamini (1):
binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed
Alexander Kanavin (2):
selftest/minidebuginfo: extract files from tar archive using tarfile
module
selftest/gdbserver: replace shutil.unpack_archive with tarfile extract
Ankur Tyagi (1):
barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3
Deepak Rathore (5):
binutils: Fix CVE-2025-69648
binutils: Fix CVE-2025-69644 CVE-2025-69647
binutils: Fix CVE-2025-69649
binutils: Fix CVE-2025-69652
nfs-utils: Fix CVE-2025-12801
Hemanth Kumar M D (2):
libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43
glibc: stable 2.42 branch updates
Hitendra Prajapati (3):
vim: Fix CVE-2026-33412
vim: Fix CVE-2026-28418
vim: Fix CVE-2026-28419
Khem Raj (3):
virglrenderer: Fix build with glibc 2.43+
libxcrypt: Fix build wrt C23 support
libxcrypt: Use configure knob to disable warnings as errors
Martin Jansa (8):
gcc: backport a fix for building with gcc-16
dtc: backport fix for build with glibc-2.43
m4: backport 3 gnulib changes to fix build with glibc-2.43 on host
gettext: backport gnulib changes to fix build with glibc-2.43 on host
util-linux: backport fix to build with glibc-2.43 on host
systemd: backport fix to build with glibc-2.43 on host
spirv-tools: backport a fix for building with gcc-16
ovmf: backport a fix for build with gcc-16
Michael Halstead (1):
yocto-uninative: Update to 5.1 for glibc 2.43
Peter Marko (4):
libarchive: upgrade 3.8.5 -> 3.8.6
openssl: upgrade 3.5.5 -> 3.5.6
go: upgrade 1.25.8 -> 1.25.9
libpng: upgrade 1.6.55 -> 1.6.56
Richard Purdie (4):
pseudo: Add fix for glibc 2.43
recipetool: Recognise https://git. as git urls
selftest/scripts: Update old git protocol references
archiver: Don't try to preserve all attributes when copying files
Sunil Dora (1):
license.py: Drop visit_Str from SeenVisitor in selftest
Trevor Gamblin (1):
report-error.bbclass: replace 'codecs.open()' with 'open()'
Vijay Anusuri (2):
sqlite3: Fix CVE-2025-70873
python3: upgrade 3.13.11 -> 3.13.12
Yoann Congal (8):
oeqa/selftest/devtool: add vulkan feature check for test needing it
oeqa/selftest: add wayland feature check for tests needing it
oeqa/sdk: Default to https git protocol for YP/OE repos
scripts: Default to https git protocol for YP/OE repos
oeqa/selftest/git-submodule-test: Default to https git protocol for
YP/OE repos
meta/files/layers.example.json: switch to https clone URIs
build-appliance-image: switch SRC_URI to https protocol
scripts/install-buildtools: Update to 5.3.3
Zoltán Böszörményi (1):
binutils: Fix build with GLIBC 2.43 on the host
.../devtool/devtool-upgrade-test2_git.bb | 2 +-
.../devtool-upgrade-test2_git.bb.upgraded | 2 +-
.../devtool/devtool-upgrade-test5_git.bb | 4 +-
.../devtool-upgrade-test5_git.bb.upgraded | 4 +-
.../git-submodule-test/git-submodule-test.bb | 4 +-
meta/classes/archiver.bbclass | 2 +-
meta/classes/report-error.bbclass | 8 +-
meta/conf/distro/include/yocto-uninative.inc | 10 +-
meta/files/layers.example.json | 4 +-
meta/lib/oeqa/buildtools-docs/cases/build.py | 2 +-
meta/lib/oeqa/selftest/cases/archiver.py | 4 +-
meta/lib/oeqa/selftest/cases/devtool.py | 8 +-
meta/lib/oeqa/selftest/cases/externalsrc.py | 2 +-
meta/lib/oeqa/selftest/cases/gdbserver.py | 4 +-
.../oeqa/selftest/cases/gitarchivetests.py | 2 +-
.../oeqa/selftest/cases/incompatible_lic.py | 2 +
meta/lib/oeqa/selftest/cases/minidebuginfo.py | 7 +-
meta/lib/oeqa/selftest/cases/oelib/license.py | 4 +-
meta/lib/oeqa/selftest/cases/sstatetests.py | 4 +-
.../cases/yoctotestresultsquerytests.py | 2 +-
meta/recipes-bsp/barebox/barebox-common.inc | 4 +-
.../CVE-2025-12801-dependent_p1.patch | 81 +++
.../CVE-2025-12801-dependent_p2.patch | 181 +++++
.../CVE-2025-12801-dependent_p3.patch | 465 +++++++++++++
.../nfs-utils/nfs-utils/CVE-2025-12801.patch | 254 +++++++
.../nfs-utils/nfs-utils_2.8.4.bb | 4 +
...sysroot-and-debug-prefix-map-from-co.patch | 2 +-
.../{openssl_3.5.5.bb => openssl_3.5.6.bb} | 2 +-
...23-qualifier-generic-fns-like-strchr.patch | 626 ++++++++++++++++++
meta/recipes-core/gettext/gettext_0.26.bb | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
.../images/build-appliance-image_15.0.0.bb | 6 +-
...24d6e87aeae631bc0a7bb1ba983cf8def4de.patch | 29 +
meta/recipes-core/libxcrypt/libxcrypt.inc | 6 +-
...Tools-StringFuncs-fix-gcc-16-warning.patch | 42 ++
...aseTools-EfiRom-fix-compiler-warning.patch | 44 ++
meta/recipes-core/ovmf/ovmf_git.bb | 2 +
meta/recipes-core/systemd/systemd.inc | 4 +-
...ilter-out-EFSBADCRC-and-EFSCORRUPTED.patch | 34 +
meta/recipes-core/util-linux/util-linux.inc | 1 +
...x-bsearch-macro-usage-with-glibc-C23.patch | 40 ++
.../binutils/binutils-2.45.inc | 7 +
...tect-against-standard-library-macros.patch | 34 +
.../CVE-2025-69644_CVE-2025-69647.patch | 85 +++
.../binutils/binutils/CVE-2025-69648.patch | 189 ++++++
.../binutils/binutils/CVE-2025-69649.patch | 41 ++
.../binutils/binutils/CVE-2025-69652.patch | 40 ++
meta/recipes-devtools/gcc/gcc-15.2.inc | 1 +
...dy-Make-it-buildable-by-C-11-to-C-26.patch | 257 +++++++
.../go/{go-1.25.8.inc => go-1.25.9.inc} | 2 +-
...e_1.25.8.bb => go-binary-native_1.25.9.bb} | 6 +-
..._1.25.8.bb => go-cross-canadian_1.25.9.bb} | 0
...{go-cross_1.25.8.bb => go-cross_1.25.9.bb} | 0
...osssdk_1.25.8.bb => go-crosssdk_1.25.9.bb} | 0
...runtime_1.25.8.bb => go-runtime_1.25.9.bb} | 0
...ent-based-hash-generation-less-pedan.patch | 8 +-
...d-go-make-GOROOT-precious-by-default.patch | 2 +-
.../go/{go_1.25.8.bb => go_1.25.9.bb} | 0
meta/recipes-devtools/m4/m4-1.4.20.inc | 3 +
...-Fix-some-g-Wsystem-headers-warnings.patch | 135 ++++
...pilation-error-on-macOS-with-fortify.patch | 126 ++++
...23-qualifier-generic-fns-like-strchr.patch | 194 ++++++
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
...{python3_3.13.11.bb => python3_3.13.12.bb} | 2 +-
...ibarchive_3.8.5.bb => libarchive_3.8.6.bb} | 2 +-
...sue-with-gcc-16-replaeces-PR-6542-65.patch | 50 ++
.../spir/spirv-tools_1.4.328.1.bb | 3 +-
...once_flag-ONCE_FLAG_INIT-when-presen.patch | 55 ++
.../virglrenderer/virglrenderer_1.1.1.bb | 1 +
.../0001-Fix-discarded-const-qualifiers.patch | 83 +++
meta/recipes-kernel/dtc/dtc_1.7.2.bb | 1 +
.../{libpng_1.6.55.bb => libpng_1.6.56.bb} | 2 +-
.../sqlite/files/CVE-2025-70873.patch | 33 +
meta/recipes-support/sqlite/sqlite3_3.48.0.bb | 1 +
.../vim/files/CVE-2026-28418.patch | 78 +++
.../vim/files/CVE-2026-28419.patch | 86 +++
.../vim/files/CVE-2026-33412.patch | 61 ++
meta/recipes-support/vim/vim.inc | 3 +
scripts/combo-layer.conf.example | 4 +-
scripts/contrib/patchtest.sh | 4 +-
scripts/install-buildtools | 4 +-
scripts/lib/recipetool/create.py | 2 +-
scripts/yocto_testresults_query.py | 2 +-
84 files changed, 3452 insertions(+), 70 deletions(-)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
rename meta/recipes-connectivity/openssl/{openssl_3.5.5.bb => openssl_3.5.6.bb} (99%)
create mode 100644 meta/recipes-core/gettext/gettext/0001-Port-to-C23-qualifier-generic-fns-like-strchr.patch
create mode 100644 meta/recipes-core/libxcrypt/files/174c24d6e87aeae631bc0a7bb1ba983cf8def4de.patch
create mode 100644 meta/recipes-core/ovmf/ovmf/0006-BaseTools-StringFuncs-fix-gcc-16-warning.patch
create mode 100644 meta/recipes-core/ovmf/ovmf/0007-BaseTools-EfiRom-fix-compiler-warning.patch
create mode 100644 meta/recipes-core/systemd/systemd/0001-errno-list-filter-out-EFSBADCRC-and-EFSCORRUPTED.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/0001-lsfd-fix-bsearch-macro-usage-with-glibc-C23.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0001-gprofng-protect-against-standard-library-macros.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69644_CVE-2025-69647.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch
create mode 100644 meta/recipes-devtools/gcc/gcc/0028-libcody-Make-it-buildable-by-C-11-to-C-26.patch
rename meta/recipes-devtools/go/{go-1.25.8.inc => go-1.25.9.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.8.bb => go-binary-native_1.25.9.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.8.bb => go-cross-canadian_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.8.bb => go-cross_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.8.bb => go-crosssdk_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.8.bb => go-runtime_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.8.bb => go_1.25.9.bb} (100%)
create mode 100644 meta/recipes-devtools/m4/m4/0001-string-h-wchar-h-Fix-some-g-Wsystem-headers-warnings.patch
create mode 100644 meta/recipes-devtools/m4/m4/0002-string-h-Fix-compilation-error-on-macOS-with-fortify.patch
create mode 100644 meta/recipes-devtools/m4/m4/0003-Port-to-C23-qualifier-generic-fns-like-strchr.patch
rename meta/recipes-devtools/python/{python3_3.13.11.bb => python3_3.13.12.bb} (99%)
rename meta/recipes-extended/libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} (96%)
create mode 100644 meta/recipes-graphics/spir/spirv-tools/0001-opt-Fix-build-issue-with-gcc-16-replaeces-PR-6542-65.patch
create mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/0001-c11-use-glibc-s-once_flag-ONCE_FLAG_INIT-when-presen.patch
create mode 100644 meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
rename meta/recipes-multimedia/libpng/{libpng_1.6.55.bb => libpng_1.6.56.bb} (97%)
create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28418.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28419.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch
^ permalink raw reply [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 01/47] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 02/47] binutils: Fix CVE-2025-69648 Yoann Congal
` (46 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Both CVEs are disputed by third parties. The observed behavior
(double free / invalid pointer free in readelf) only occurred in
pre-release code and did not affect any tagged version [1][2].
CVE_STATUS[CVE-2025-69650] = "disputed: observed behavior only in pre-release code, does not affect any tagged version"
CVE_STATUS[CVE-2025-69651] = "disputed: observed behavior only in pre-release code, does not affect any tagged version"
[1] https://www.cve.org/CVERecord?id=CVE-2025-69650
[2] https://www.cve.org/CVERecord?id=CVE-2025-69651
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
(cherry picked from commit 9c6df56fe18237880c391798c2083dca595566f4)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/binutils/binutils-2.45.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 16a63cabc5b..5cd4d185ac1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -20,6 +20,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
CVE_STATUS[CVE-2025-7545] = "cpe-stable-backport: fix available in used git hash"
CVE_STATUS[CVE-2025-7546] = "cpe-stable-backport: fix available in used git hash"
+CVE_STATUS[CVE-2025-69650] = "disputed: observed behavior only in pre-release code, does not affect any tagged version"
+CVE_STATUS[CVE-2025-69651] = "disputed: observed behavior only in pre-release code, does not affect any tagged version"
SRCREV ?= "2f028c6bb163a045db95439fb92e1dcbc919413c"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 02/47] binutils: Fix CVE-2025-69648
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 01/47] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 03/47] binutils: Fix CVE-2025-69644 CVE-2025-69647 Yoann Congal
` (45 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
Pick the patch [1] as mentioned in [2].
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69648
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.45.inc | 1 +
.../binutils/binutils/CVE-2025-69648.patch | 189 ++++++++++++++++++
2 files changed, 190 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 5cd4d185ac1..83907f24afa 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -48,4 +48,5 @@ SRC_URI = "\
file://0018-CVE-2025-11494.patch \
file://0019-CVE-2025-11839.patch \
file://0020-CVE-2025-11840.patch \
+ file://CVE-2025-69648.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
new file mode 100644
index 00000000000..ce0e764762f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
@@ -0,0 +1,189 @@
+From 7df481dd76c05c89782721e9df5468be829c356b Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 22 Nov 2025 09:22:10 +1030
+Subject: [PATCH] PR 33638, debug_rnglists output
+
+The fuzzed testcase in this PR continuously outputs an error about
+the debug_rnglists header. Fixed by taking notice of the error and
+stopping output. The patch also limits the length in all cases, not
+just when a relocation is present, and limits the offset entry count
+read from the header. I removed the warning and the test for relocs
+because the code can't work reliably with unresolved relocs in the
+length field.
+
+ PR 33638
+ * dwarf.c (display_debug_rnglists_list): Return bool. Rename
+ "inital_length" to plain "length". Verify length is large
+ enough to read header. Limit length to rest of section.
+ Similarly limit offset_entry_count.
+ (display_debug_ranges): Check display_debug_rnglists_unit_header
+ return status. Stop output on error.
+
+CVE: CVE-2025-69648
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33]
+
+(cherry picked from commit 598704a00cbac5e85c2bedd363357b5bf6fcee33)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ binutils/dwarf.c | 67 ++++++++++++++++++++++++------------------------
+ 1 file changed, 34 insertions(+), 33 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index f4bcb677761..b4fb56351ec 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -8282,7 +8282,7 @@ display_debug_rnglists_list (unsigned char * start,
+ return start;
+ }
+
+-static int
++static bool
+ display_debug_rnglists_unit_header (struct dwarf_section * section,
+ uint64_t * unit_offset,
+ unsigned char * poffset_size)
+@@ -8290,7 +8290,8 @@ display_debug_rnglists_unit_header (struct dwarf_section * section,
+ uint64_t start_offset = *unit_offset;
+ unsigned char * p = section->start + start_offset;
+ unsigned char * finish = section->start + section->size;
+- uint64_t initial_length;
++ unsigned char * hdr;
++ uint64_t length;
+ unsigned char segment_selector_size;
+ unsigned int offset_entry_count;
+ unsigned int i;
+@@ -8299,66 +8300,59 @@ display_debug_rnglists_unit_header (struct dwarf_section * section,
+ unsigned char offset_size;
+
+ /* Get and check the length of the block. */
+- SAFE_BYTE_GET_AND_INC (initial_length, p, 4, finish);
++ SAFE_BYTE_GET_AND_INC (length, p, 4, finish);
+
+- if (initial_length == 0xffffffff)
++ if (length == 0xffffffff)
+ {
+ /* This section is 64-bit DWARF 3. */
+- SAFE_BYTE_GET_AND_INC (initial_length, p, 8, finish);
++ SAFE_BYTE_GET_AND_INC (length, p, 8, finish);
+ *poffset_size = offset_size = 8;
+ }
+ else
+ *poffset_size = offset_size = 4;
+
+- if (initial_length > (size_t) (finish - p))
+- {
+- /* If the length field has a relocation against it, then we should
+- not complain if it is inaccurate (and probably negative).
+- It is copied from .debug_line handling code. */
+- if (reloc_at (section, (p - section->start) - offset_size))
+- initial_length = finish - p;
+- else
+- {
+- warn (_("The length field (%#" PRIx64
+- ") in the debug_rnglists header is wrong"
+- " - the section is too small\n"),
+- initial_length);
+- return 0;
+- }
+- }
+-
+- /* Report the next unit offset to the caller. */
+- *unit_offset = (p - section->start) + initial_length;
++ if (length < 8)
++ return false;
+
+ /* Get the other fields in the header. */
++ hdr = p;
+ SAFE_BYTE_GET_AND_INC (version, p, 2, finish);
+ SAFE_BYTE_GET_AND_INC (address_size, p, 1, finish);
+ SAFE_BYTE_GET_AND_INC (segment_selector_size, p, 1, finish);
+ SAFE_BYTE_GET_AND_INC (offset_entry_count, p, 4, finish);
+
+ printf (_(" Table at Offset: %#" PRIx64 ":\n"), start_offset);
+- printf (_(" Length: %#" PRIx64 "\n"), initial_length);
++ printf (_(" Length: %#" PRIx64 "\n"), length);
+ printf (_(" DWARF version: %u\n"), version);
+ printf (_(" Address size: %u\n"), address_size);
+ printf (_(" Segment size: %u\n"), segment_selector_size);
+ printf (_(" Offset entries: %u\n"), offset_entry_count);
+
++ if (length > (size_t) (finish - hdr))
++ length = finish - hdr;
++
++ /* Report the next unit offset to the caller. */
++ *unit_offset = (hdr - section->start) + length;
++
+ /* Check the fields. */
+ if (segment_selector_size != 0)
+ {
+ warn (_("The %s section contains "
+ "unsupported segment selector size: %d.\n"),
+ section->name, segment_selector_size);
+- return 0;
++ return false;
+ }
+
+ if (version < 5)
+ {
+ warn (_("Only DWARF version 5+ debug_rnglists info "
+ "is currently supported.\n"));
+- return 0;
++ return false;
+ }
+
++ uint64_t max_off_count = (length - 8) / offset_size;
++ if (offset_entry_count > max_off_count)
++ offset_entry_count = max_off_count;
+ if (offset_entry_count != 0)
+ {
+ printf (_("\n Offsets starting at %#tx:\n"), p - section->start);
+@@ -8372,7 +8366,7 @@ display_debug_rnglists_unit_header (struct dwarf_section * section,
+ }
+ }
+
+- return 1;
++ return true;
+ }
+
+ static bool
+@@ -8404,6 +8398,7 @@ display_debug_ranges (struct dwarf_section *section,
+ uint64_t last_offset = 0;
+ uint64_t next_rnglists_cu_offset = 0;
+ unsigned char offset_size;
++ bool ok_header = true;
+
+ if (bytes == 0)
+ {
+@@ -8493,8 +8488,12 @@ display_debug_ranges (struct dwarf_section *section,
+ /* If we've moved on to the next compile unit in the rnglists section - dump the unit header(s). */
+ if (is_rnglists && next_rnglists_cu_offset < offset)
+ {
+- while (next_rnglists_cu_offset < offset)
+- display_debug_rnglists_unit_header (section, &next_rnglists_cu_offset, &offset_size);
++ while (ok_header && next_rnglists_cu_offset < offset)
++ ok_header = display_debug_rnglists_unit_header (section,
++ &next_rnglists_cu_offset,
++ &offset_size);
++ if (!ok_header)
++ break;
+ printf (_(" Offset Begin End\n"));
+ }
+
+@@ -8548,10 +8547,12 @@ display_debug_ranges (struct dwarf_section *section,
+ }
+
+ /* Display trailing empty (or unreferenced) compile units, if any. */
+- if (is_rnglists)
++ if (is_rnglists && ok_header)
+ while (next_rnglists_cu_offset < section->size)
+- display_debug_rnglists_unit_header (section, &next_rnglists_cu_offset, &offset_size);
+-
++ if (!display_debug_rnglists_unit_header (section,
++ &next_rnglists_cu_offset,
++ &offset_size))
++ break;
+ putchar ('\n');
+
+ free (range_entries);
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 03/47] binutils: Fix CVE-2025-69644 CVE-2025-69647
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 01/47] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 02/47] binutils: Fix CVE-2025-69648 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 04/47] binutils: Fix CVE-2025-69649 Yoann Congal
` (44 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
Pick the patch [1] as mentioned in [2] and [3].
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69644
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-69647
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.45.inc | 1 +
.../CVE-2025-69644_CVE-2025-69647.patch | 85 +++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69644_CVE-2025-69647.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 83907f24afa..a2bb278b438 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -49,4 +49,5 @@ SRC_URI = "\
file://0019-CVE-2025-11839.patch \
file://0020-CVE-2025-11840.patch \
file://CVE-2025-69648.patch \
+ file://CVE-2025-69644_CVE-2025-69647.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69644_CVE-2025-69647.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69644_CVE-2025-69647.patch
new file mode 100644
index 00000000000..78c3899af91
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69644_CVE-2025-69647.patch
@@ -0,0 +1,85 @@
+From 46efc6c469c85aefd6321150e702081823ca815c Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 22 Nov 2025 09:52:18 +1030
+Subject: [PATCH] PR 33639 .debug_loclists output
+
+The fuzzed testcase in this PR prints an almost endless table of
+offsets, due to a bogus offset count. Limit that count, and the total
+length too.
+
+ PR 33639
+ * dwarf.c (display_loclists_unit_header): Return error on
+ length too small to read header. Limit length to section
+ size. Limit offset count similarly.
+
+CVE: CVE-2025-69644 CVE-2025-69647
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=455446bbdc8675f34808187de2bbad4682016ff7]
+
+(cherry picked from commit 455446bbdc8675f34808187de2bbad4682016ff7)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ binutils/dwarf.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index b4fb56351ec..2462e6540a7 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -7257,8 +7257,6 @@ display_loclists_unit_header (struct dwarf_section * section,
+ bool is_64bit;
+ uint32_t i;
+
+- printf (_("Table at Offset %#" PRIx64 "\n"), header_offset);
+-
+ SAFE_BYTE_GET_AND_INC (length, start, 4, end);
+ if (length == 0xffffffff)
+ {
+@@ -7267,6 +7265,11 @@ display_loclists_unit_header (struct dwarf_section * section,
+ }
+ else
+ is_64bit = false;
++ if (length < 8)
++ return (uint64_t) -1;
++
++ printf (_("Table at Offset %#" PRIx64 "\n"), header_offset);
++ header_offset = start - section->start;
+
+ SAFE_BYTE_GET_AND_INC (version, start, 2, end);
+ SAFE_BYTE_GET_AND_INC (address_size, start, 1, end);
+@@ -7279,15 +7282,21 @@ display_loclists_unit_header (struct dwarf_section * section,
+ printf (_(" Segment size: %u\n"), segment_selector_size);
+ printf (_(" Offset entries: %u\n"), *offset_count);
+
++ if (length > section->size - header_offset)
++ length = section->size - header_offset;
++
+ if (segment_selector_size != 0)
+ {
+ warn (_("The %s section contains an "
+ "unsupported segment selector size: %d.\n"),
+ section->name, segment_selector_size);
+- return (uint64_t)-1;
++ return (uint64_t) -1;
+ }
+
+- if ( *offset_count)
++ uint64_t max_off_count = length >> (is_64bit ? 3 : 2);
++ if (*offset_count > max_off_count)
++ *offset_count = max_off_count;
++ if (*offset_count)
+ {
+ printf (_("\n Offset Entries starting at %#tx:\n"),
+ start - section->start);
+@@ -7304,8 +7313,7 @@ display_loclists_unit_header (struct dwarf_section * section,
+ putchar ('\n');
+ *loclists_start = start;
+
+- /* The length field doesn't include the length field itself. */
+- return header_offset + length + (is_64bit ? 12 : 4);
++ return header_offset + length;
+ }
+
+ static int
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 04/47] binutils: Fix CVE-2025-69649
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (2 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 03/47] binutils: Fix CVE-2025-69644 CVE-2025-69647 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 05/47] binutils: Fix CVE-2025-69652 Yoann Congal
` (43 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
Pick the patch [1] as mentioned in [2]
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69649
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.45.inc | 1 +
.../binutils/binutils/CVE-2025-69649.patch | 41 +++++++++++++++++++
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index a2bb278b438..94b7ca54cb8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -50,4 +50,5 @@ SRC_URI = "\
file://0020-CVE-2025-11840.patch \
file://CVE-2025-69648.patch \
file://CVE-2025-69644_CVE-2025-69647.patch \
+ file://CVE-2025-69649.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch
new file mode 100644
index 00000000000..05b382ea526
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch
@@ -0,0 +1,41 @@
+From cc53801dff2ba4bc62eaa666b3b7d9401232089c Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 8 Dec 2025 15:58:33 +1030
+Subject: [PATCH] PR 33697, fuzzer segfault
+
+ PR 33697
+ * readelf.c (process_relocs): Don't segfault on no sections.
+
+CVE: CVE-2025-69649
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66]
+
+(cherry picked from commit 66a3492ce68e1ae45b2489bd9a815c39ea5d7f66)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ binutils/readelf.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 8f188e8c3e2..8d28b1c30e4 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -9621,13 +9621,11 @@ process_relocs (Filedata * filedata)
+ size_t i;
+ bool found = false;
+
+- for (i = 0, section = filedata->section_headers;
+- i < filedata->file_header.e_shnum;
+- i++, section++)
+- {
++ section = filedata->section_headers;
++ if (section != NULL)
++ for (i = 0; i < filedata->file_header.e_shnum; i++, section++)
+ if (display_relocations (section, filedata))
+ found = true;
+- }
+
+ if (! found)
+ {
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 05/47] binutils: Fix CVE-2025-69652
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (3 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 04/47] binutils: Fix CVE-2025-69649 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 06/47] nfs-utils: Fix CVE-2025-12801 Yoann Congal
` (42 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
Pick the patch [1] as mentioned in [2].
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69652
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.45.inc | 1 +
.../binutils/binutils/CVE-2025-69652.patch | 40 +++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 94b7ca54cb8..f635d76069a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -51,4 +51,5 @@ SRC_URI = "\
file://CVE-2025-69648.patch \
file://CVE-2025-69644_CVE-2025-69647.patch \
file://CVE-2025-69649.patch \
+ file://CVE-2025-69652.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch
new file mode 100644
index 00000000000..5de94820d1d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch
@@ -0,0 +1,40 @@
+From 5a2f57ab03067f6622c19983e1e31207bd2293a6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 8 Dec 2025 16:04:44 +1030
+Subject: [PATCH] PR 33701, abort in byte_get_little_endian
+
+ PR 33701
+ * dwarf.c (process_debug_info): Set debug_info_p NULL when
+ DEBUG_INFO_UNAVAILABLE.
+
+CVE: CVE-2025-69652
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01]
+
+(cherry picked from commit 44b79abd0fa12e7947252eb4c6e5d16ed6033e01)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ binutils/dwarf.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 2462e6540a7..0d88ea94619 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -4248,9 +4248,11 @@ process_debug_info (struct dwarf_section * section,
+ break;
+ }
+
+- debug_info *debug_info_p = ((debug_information
+- && unit < alloc_num_debug_info_entries)
+- ? debug_information + unit : NULL);
++ debug_info *debug_info_p = NULL;
++ if (debug_information
++ && num_debug_info_entries != DEBUG_INFO_UNAVAILABLE
++ && unit < alloc_num_debug_info_entries)
++ debug_info_p = debug_information + unit;
+
+ assert (!debug_info_p
+ || (debug_info_p->num_loc_offsets
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 06/47] nfs-utils: Fix CVE-2025-12801
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (4 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 05/47] binutils: Fix CVE-2025-69652 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 07/47] sqlite3: Fix CVE-2025-70873 Yoann Congal
` (41 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
- This patch applies the upstream fix [1] as referenced in [5].
- To successfully apply the fixed commit, apply the dependent commits
[2] to [4] which are included in v2.8.6, as referenced in [5].
- Reference:
[1] https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=f36bd900a899
[2] https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=7e8b36522f58
[3] https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=42f01e6a78fe
[4] https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=51738ae56d92
[5] https://security-tracker.debian.org/tracker/CVE-2025-12801
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
[YC: fixed tab vs space indent in recipe patch]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../CVE-2025-12801-dependent_p1.patch | 81 +++
.../CVE-2025-12801-dependent_p2.patch | 181 +++++++
.../CVE-2025-12801-dependent_p3.patch | 465 ++++++++++++++++++
.../nfs-utils/nfs-utils/CVE-2025-12801.patch | 254 ++++++++++
.../nfs-utils/nfs-utils_2.8.4.bb | 4 +
5 files changed, 985 insertions(+)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
new file mode 100644
index 00000000000..8f2174c5b81
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
@@ -0,0 +1,81 @@
+From 0ea29d6077dacbf6a754b0e648275eec2a576e87 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Mon, 10 Nov 2025 11:26:03 -0500
+Subject: [PATCH 1/4] mountd: Minor refactor of get_rootfh()
+
+Perform the mountpoint checks before checking the user path.
+
+CVE: CVE-2025-12801
+Upstream-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=7e8b36522f58657359c6842119fc516c6dd1baa4]
+
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit 7e8b36522f58657359c6842119fc516c6dd1baa4)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ utils/mountd/mountd.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
+index dbd5546d..39afd4aa 100644
+--- a/utils/mountd/mountd.c
++++ b/utils/mountd/mountd.c
+@@ -412,6 +412,23 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ *error = MNT3ERR_ACCES;
+ return NULL;
+ }
++ if (nfsd_path_stat(exp->m_export.e_path, &estb) < 0) {
++ xlog(L_WARNING, "can't stat export point %s: %s",
++ p, strerror(errno));
++ *error = MNT3ERR_NOENT;
++ return NULL;
++ }
++ if (exp->m_export.e_mountpoint &&
++ !check_is_mountpoint(exp->m_export.e_mountpoint[0]?
++ exp->m_export.e_mountpoint:
++ exp->m_export.e_path,
++ nfsd_path_lstat)) {
++ xlog(L_WARNING, "request to export an unmounted filesystem: %s",
++ p);
++ *error = MNT3ERR_NOENT;
++ return NULL;
++ }
++
+ if (nfsd_path_stat(p, &stb) < 0) {
+ xlog(L_WARNING, "can't stat exported dir %s: %s",
+ p, strerror(errno));
+@@ -426,12 +443,6 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ *error = MNT3ERR_NOTDIR;
+ return NULL;
+ }
+- if (nfsd_path_stat(exp->m_export.e_path, &estb) < 0) {
+- xlog(L_WARNING, "can't stat export point %s: %s",
+- p, strerror(errno));
+- *error = MNT3ERR_NOENT;
+- return NULL;
+- }
+ if (estb.st_dev != stb.st_dev
+ && !(exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) {
+ xlog(L_WARNING, "request to export directory %s below nearest filesystem %s",
+@@ -439,17 +450,6 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ *error = MNT3ERR_ACCES;
+ return NULL;
+ }
+- if (exp->m_export.e_mountpoint &&
+- !check_is_mountpoint(exp->m_export.e_mountpoint[0]?
+- exp->m_export.e_mountpoint:
+- exp->m_export.e_path,
+- nfsd_path_lstat)) {
+- xlog(L_WARNING, "request to export an unmounted filesystem: %s",
+- p);
+- *error = MNT3ERR_NOENT;
+- return NULL;
+- }
+-
+ /* This will be a static private nfs_export with just one
+ * address. We feed it to kernel then extract the filehandle,
+ */
+--
+2.35.6
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
new file mode 100644
index 00000000000..e078ddd0e86
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
@@ -0,0 +1,181 @@
+From 8a19b1f0dd1f09d440a6a94748fe403f7ef8da81 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Mon, 10 Nov 2025 11:28:39 -0500
+Subject: [PATCH 2/4] mountd: Separate lookup of the exported directory and the
+ mount path
+
+When the caller asks to mount a path that does not terminate with an
+exported directory, we want to split up the lookups so that we can
+look up the exported directory using the mountd privileged credential,
+and the remaining subdirectory lookups using the RPC caller's
+credential.
+
+CVE: CVE-2025-12801
+Upstream-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=42f01e6a78fed98f12437ac8b28cfb12b6bad056]
+
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit 42f01e6a78fed98f12437ac8b28cfb12b6bad056)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ support/include/nfsd_path.h | 1 +
+ support/misc/nfsd_path.c | 31 ++++++++++++++++++
+ utils/mountd/mountd.c | 63 +++++++++++++++++++++++++++++++------
+ 3 files changed, 86 insertions(+), 9 deletions(-)
+
+diff --git a/support/include/nfsd_path.h b/support/include/nfsd_path.h
+index f600fb5a..3e5a2f5d 100644
+--- a/support/include/nfsd_path.h
++++ b/support/include/nfsd_path.h
+@@ -18,6 +18,7 @@ char * nfsd_path_prepend_dir(const char *dir, const char *pathname);
+
+ int nfsd_path_stat(const char *pathname, struct stat *statbuf);
+ int nfsd_path_lstat(const char *pathname, struct stat *statbuf);
++int nfsd_openat(int dirfd, const char *path, int flags);
+
+ int nfsd_path_statfs(const char *pathname,
+ struct statfs *statbuf);
+diff --git a/support/misc/nfsd_path.c b/support/misc/nfsd_path.c
+index caec33ca..dfe88e4f 100644
+--- a/support/misc/nfsd_path.c
++++ b/support/misc/nfsd_path.c
+@@ -203,6 +203,37 @@ nfsd_realpath(const char *path, char *resolved_buf)
+ return realpath_buf.res_ptr;
+ }
+
++struct nfsd_openat_t {
++ const char *path;
++ int dirfd;
++ int flags;
++ int res_fd;
++ int res_error;
++};
++
++static void nfsd_openatfunc(void *data)
++{
++ struct nfsd_openat_t *d = data;
++
++ d->res_fd = openat(d->dirfd, d->path, d->flags);
++ if (d->res_fd == -1)
++ d->res_error = errno;
++}
++
++int nfsd_openat(int dirfd, const char *path, int flags)
++{
++ struct nfsd_openat_t open_buf = {
++ .path = path,
++ .dirfd = dirfd,
++ .flags = flags,
++ };
++
++ nfsd_run_task(nfsd_openatfunc, &open_buf);
++ if (open_buf.res_fd == -1)
++ errno = open_buf.res_error;
++ return open_buf.res_fd;
++}
++
+ struct nfsd_rw_data {
+ int fd;
+ void* buf;
+diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
+index 39afd4aa..f43ebef5 100644
+--- a/utils/mountd/mountd.c
++++ b/utils/mountd/mountd.c
+@@ -392,7 +392,10 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ struct nfs_fh_len *fh;
+ char rpath[MAXPATHLEN+1];
+ char *p = *path;
++ char *subpath;
+ char buf[INET6_ADDRSTRLEN];
++ size_t epathlen;
++ int dirfd;
+
+ if (*p == '\0')
+ p = "/";
+@@ -412,12 +415,21 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ *error = MNT3ERR_ACCES;
+ return NULL;
+ }
+- if (nfsd_path_stat(exp->m_export.e_path, &estb) < 0) {
+- xlog(L_WARNING, "can't stat export point %s: %s",
++
++ dirfd = nfsd_openat(AT_FDCWD, exp->m_export.e_path, O_PATH);
++ if (dirfd == -1) {
++ xlog(L_WARNING, "can't open export point %s: %s",
+ p, strerror(errno));
+ *error = MNT3ERR_NOENT;
+ return NULL;
+ }
++ if (fstat(dirfd, &estb) == -1) {
++ xlog(L_WARNING, "can't stat export point %s: %s",
++ p, strerror(errno));
++ *error = MNT3ERR_ACCES;
++ close(dirfd);
++ return NULL;
++ }
+ if (exp->m_export.e_mountpoint &&
+ !check_is_mountpoint(exp->m_export.e_mountpoint[0]?
+ exp->m_export.e_mountpoint:
+@@ -426,18 +438,51 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ xlog(L_WARNING, "request to export an unmounted filesystem: %s",
+ p);
+ *error = MNT3ERR_NOENT;
++ close(dirfd);
+ return NULL;
+ }
+
+- if (nfsd_path_stat(p, &stb) < 0) {
+- xlog(L_WARNING, "can't stat exported dir %s: %s",
+- p, strerror(errno));
+- if (errno == ENOENT)
+- *error = MNT3ERR_NOENT;
+- else
+- *error = MNT3ERR_ACCES;
++ epathlen = strlen(exp->m_export.e_path);
++ if (epathlen > strlen(p)) {
++ xlog(L_WARNING, "raced with change of exported path: %s", p);
++ *error = MNT3ERR_NOENT;
++ close(dirfd);
+ return NULL;
+ }
++ subpath = &p[epathlen];
++ while (*subpath == '/')
++ subpath++;
++ if (*subpath != '\0') {
++ int fd;
++
++ /* Just perform a lookup of the path */
++ fd = nfsd_openat(dirfd, subpath, O_PATH);
++ close(dirfd);
++ if (fd == -1) {
++ xlog(L_WARNING, "can't open exported dir %s: %s", p,
++ strerror(errno));
++ if (errno == ENOENT)
++ *error = MNT3ERR_NOENT;
++ else
++ *error = MNT3ERR_ACCES;
++ return NULL;
++ }
++ if (fstat(fd, &stb) == -1) {
++ xlog(L_WARNING, "can't open exported dir %s: %s", p,
++ strerror(errno));
++ if (errno == ENOENT)
++ *error = MNT3ERR_NOENT;
++ else
++ *error = MNT3ERR_ACCES;
++ close(fd);
++ return NULL;
++ }
++ close(fd);
++ } else {
++ close(dirfd);
++ stb = estb;
++ }
++
+ if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
+ xlog(L_WARNING, "%s is not a directory or regular file", p);
+ *error = MNT3ERR_NOTDIR;
+--
+2.35.6
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
new file mode 100644
index 00000000000..7c9a1e6d2bc
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
@@ -0,0 +1,465 @@
+From 0114ef262d61988b8209b7baab7426eac9a49548 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Mon, 10 Nov 2025 12:18:38 -0500
+Subject: [PATCH 3/4] support: Add a mini-library to extract and apply RPC
+ credentials
+
+Add server functionality to extract the credentials from the client RPC
+call, and apply them. This is needed in order to perform access checking
+on the requested path in the mountd daemon.
+
+CVE: CVE-2025-12801
+Upstream-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=51738ae56d922d4961e60dad73ad1c2d97d8d99b]
+
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit 51738ae56d922d4961e60dad73ad1c2d97d8d99b)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ aclocal/libtirpc.m4 | 12 +++
+ support/include/Makefile.am | 1 +
+ support/include/nfs_ucred.h | 44 ++++++++++
+ support/misc/Makefile.am | 2 +-
+ support/misc/ucred.c | 162 ++++++++++++++++++++++++++++++++++++
+ support/nfs/Makefile.am | 2 +-
+ support/nfs/ucred.c | 147 ++++++++++++++++++++++++++++++++
+ 7 files changed, 368 insertions(+), 2 deletions(-)
+ create mode 100644 support/include/nfs_ucred.h
+ create mode 100644 support/misc/ucred.c
+ create mode 100644 support/nfs/ucred.c
+
+diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
+index ef48a2ae..06629db9 100644
+--- a/aclocal/libtirpc.m4
++++ b/aclocal/libtirpc.m4
+@@ -31,6 +31,18 @@ AC_DEFUN([AC_LIBTIRPC], [
+ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
+ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
+ [${LIBS}])])
++
++ AS_IF([test -n "${LIBTIRPC}"],
++ [AC_CHECK_LIB([tirpc], [rpc_gss_getcred],
++ [AC_DEFINE([HAVE_TIRPC_GSS_GETCRED], [1],
++ [Define to 1 if your tirpc library provides rpc_gss_getcred])],,
++ [${LIBS}])])
++
++ AS_IF([test -n "${LIBTIRPC}"],
++ [AC_CHECK_LIB([tirpc], [authdes_getucred],
++ [AC_DEFINE([HAVE_TIRPC_AUTHDES_GETUCRED], [1],
++ [Define to 1 if your tirpc library provides authdes_getucred])],,
++ [${LIBS}])])
+ AC_SUBST([AM_CPPFLAGS])
+ AC_SUBST(LIBTIRPC)
+
+diff --git a/support/include/Makefile.am b/support/include/Makefile.am
+index 1373891a..631a84f8 100644
+--- a/support/include/Makefile.am
++++ b/support/include/Makefile.am
+@@ -10,6 +10,7 @@ noinst_HEADERS = \
+ misc.h \
+ nfs_mntent.h \
+ nfs_paths.h \
++ nfs_ucred.h \
+ nfsd_path.h \
+ nfslib.h \
+ nfsrpc.h \
+diff --git a/support/include/nfs_ucred.h b/support/include/nfs_ucred.h
+new file mode 100644
+index 00000000..d58b61e4
+--- /dev/null
++++ b/support/include/nfs_ucred.h
+@@ -0,0 +1,44 @@
++#ifndef _NFS_UCRED_H
++#define _NFS_UCRED_H
++
++#include <sys/types.h>
++
++struct nfs_ucred {
++ uid_t uid;
++ gid_t gid;
++ int ngroups;
++ gid_t *groups;
++};
++
++struct svc_req;
++struct exportent;
++
++int nfs_ucred_get(struct nfs_ucred **credp, struct svc_req *rqst,
++ const struct exportent *ep);
++
++void nfs_ucred_squash_groups(struct nfs_ucred *cred,
++ const struct exportent *ep);
++int nfs_ucred_reload_groups(struct nfs_ucred *cred, const struct exportent *ep);
++int nfs_ucred_swap_effective(const struct nfs_ucred *cred,
++ struct nfs_ucred **savedp);
++
++static inline void nfs_ucred_free(struct nfs_ucred *cred)
++{
++ free(cred->groups);
++ free(cred);
++}
++
++static inline void nfs_ucred_init_groups(struct nfs_ucred *cred, gid_t *groups,
++ int ngroups)
++{
++ cred->groups = groups;
++ cred->ngroups = ngroups;
++}
++
++static inline void nfs_ucred_free_groups(struct nfs_ucred *cred)
++{
++ free(cred->groups);
++ nfs_ucred_init_groups(cred, NULL, 0);
++}
++
++#endif /* _NFS_UCRED_H */
+diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
+index f9993e3a..7ea2d798 100644
+--- a/support/misc/Makefile.am
++++ b/support/misc/Makefile.am
+@@ -2,6 +2,6 @@
+
+ noinst_LIBRARIES = libmisc.a
+ libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c \
+- nfsd_path.c workqueue.c xstat.c
++ nfsd_path.c ucred.c workqueue.c xstat.c
+
+ MAINTAINERCLEANFILES = Makefile.in
+diff --git a/support/misc/ucred.c b/support/misc/ucred.c
+new file mode 100644
+index 00000000..92d97912
+--- /dev/null
++++ b/support/misc/ucred.c
+@@ -0,0 +1,162 @@
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <alloca.h>
++#include <errno.h>
++#include <pwd.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <grp.h>
++
++#include "exportfs.h"
++#include "nfs_ucred.h"
++
++#include "xlog.h"
++
++void nfs_ucred_squash_groups(struct nfs_ucred *cred, const struct exportent *ep)
++{
++ int i;
++
++ if (!(ep->e_flags & NFSEXP_ROOTSQUASH))
++ return;
++ if (cred->gid == 0)
++ cred->gid = ep->e_anongid;
++ for (i = 0; i < cred->ngroups; i++) {
++ if (cred->groups[i] == 0)
++ cred->groups[i] = ep->e_anongid;
++ }
++}
++
++static int nfs_ucred_init_effective(struct nfs_ucred *cred)
++{
++ int ngroups = getgroups(0, NULL);
++
++ if (ngroups > 0) {
++ size_t sz = ngroups * sizeof(gid_t);
++ gid_t *groups = malloc(sz);
++ if (groups == NULL)
++ return ENOMEM;
++ if (getgroups(ngroups, groups) == -1) {
++ free(groups);
++ return errno;
++ }
++ nfs_ucred_init_groups(cred, groups, ngroups);
++ } else
++ nfs_ucred_init_groups(cred, NULL, 0);
++ cred->uid = geteuid();
++ cred->gid = getegid();
++ return 0;
++}
++
++static size_t nfs_ucred_getpw_r_size_max(void)
++{
++ long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
++
++ if (buflen == -1)
++ return 16384;
++ return buflen;
++}
++
++int nfs_ucred_reload_groups(struct nfs_ucred *cred, const struct exportent *ep)
++{
++ struct passwd pwd, *pw;
++ uid_t uid = cred->uid;
++ gid_t gid = cred->gid;
++ size_t buflen;
++ char *buf;
++ int ngroups = 0;
++ int ret;
++
++ if (ep->e_flags & (NFSEXP_ALLSQUASH | NFSEXP_ROOTSQUASH) &&
++ (int)uid == ep->e_anonuid)
++ return 0;
++ buflen = nfs_ucred_getpw_r_size_max();
++ buf = alloca(buflen);
++ ret = getpwuid_r(uid, &pwd, buf, buflen, &pw);
++ if (ret != 0)
++ return ret;
++ if (!pw)
++ return ENOENT;
++ if (getgrouplist(pw->pw_name, gid, NULL, &ngroups) == -1 &&
++ ngroups > 0) {
++ gid_t *groups = malloc(ngroups * sizeof(groups[0]));
++ if (groups == NULL)
++ return ENOMEM;
++ if (getgrouplist(pw->pw_name, gid, groups, &ngroups) == -1) {
++ free(groups);
++ return ENOMEM;
++ }
++ free(cred->groups);
++ nfs_ucred_init_groups(cred, groups, ngroups);
++ nfs_ucred_squash_groups(cred, ep);
++ } else
++ nfs_ucred_free_groups(cred);
++ return 0;
++}
++
++static int nfs_ucred_set_effective(const struct nfs_ucred *cred,
++ const struct nfs_ucred *saved)
++{
++ uid_t suid = saved ? saved->uid : geteuid();
++ gid_t sgid = saved ? saved->gid : getegid();
++ int ret;
++
++ /* Start with a privileged effective user */
++ if (setresuid(-1, 0, -1) < 0) {
++ xlog(L_WARNING, "can't change privileged user %u-%u. %s",
++ geteuid(), getegid(), strerror(errno));
++ return errno;
++ }
++
++ if (setgroups(cred->ngroups, cred->groups) == -1) {
++ xlog(L_WARNING, "can't change groups for user %u-%u. %s",
++ geteuid(), getegid(), strerror(errno));
++ return errno;
++ }
++ if (setresgid(-1, cred->gid, sgid) == -1) {
++ xlog(L_WARNING, "can't change gid for user %u-%u. %s",
++ geteuid(), getegid(), strerror(errno));
++ ret = errno;
++ goto restore_groups;
++ }
++ if (setresuid(-1, cred->uid, suid) == -1) {
++ xlog(L_WARNING, "can't change uid for user %u-%u. %s",
++ geteuid(), getegid(), strerror(errno));
++ ret = errno;
++ goto restore_gid;
++ }
++ return 0;
++restore_gid:
++ if (setresgid(-1, sgid, -1) < 0) {
++ xlog(L_WARNING, "can't restore privileged user %u-%u. %s",
++ geteuid(), getegid(), strerror(errno));
++ }
++restore_groups:
++ if (saved)
++ setgroups(saved->ngroups, saved->groups);
++ else
++ setgroups(0, NULL);
++ return ret;
++}
++
++int nfs_ucred_swap_effective(const struct nfs_ucred *cred,
++ struct nfs_ucred **savedp)
++{
++ struct nfs_ucred *saved = malloc(sizeof(*saved));
++ int ret;
++
++ if (saved == NULL)
++ return ENOMEM;
++ ret = nfs_ucred_init_effective(saved);
++ if (ret != 0) {
++ free(saved);
++ return ret;
++ }
++ ret = nfs_ucred_set_effective(cred, saved);
++ if (savedp == NULL || ret != 0)
++ nfs_ucred_free(saved);
++ else
++ *savedp = saved;
++ return ret;
++}
+diff --git a/support/nfs/Makefile.am b/support/nfs/Makefile.am
+index 2e1577cc..f6921265 100644
+--- a/support/nfs/Makefile.am
++++ b/support/nfs/Makefile.am
+@@ -7,7 +7,7 @@ libnfs_la_SOURCES = exports.c rmtab.c xio.c rpcmisc.c rpcdispatch.c \
+ xcommon.c wildmat.c mydaemon.c \
+ rpc_socket.c getport.c \
+ svc_socket.c cacheio.c closeall.c nfs_mntent.c \
+- svc_create.c atomicio.c strlcat.c strlcpy.c
++ svc_create.c atomicio.c strlcat.c strlcpy.c ucred.c
+ libnfs_la_LIBADD = libnfsconf.la
+ libnfs_la_CPPFLAGS = $(AM_CPPFLAGS) $(CPPFLAGS) -I$(top_srcdir)/support/reexport
+
+diff --git a/support/nfs/ucred.c b/support/nfs/ucred.c
+new file mode 100644
+index 00000000..6ea8efdf
+--- /dev/null
++++ b/support/nfs/ucred.c
+@@ -0,0 +1,147 @@
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <errno.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <rpc/rpc.h>
++
++#include "exportfs.h"
++#include "nfs_ucred.h"
++
++#ifdef HAVE_TIRPC_GSS_GETCRED
++#include <rpc/rpcsec_gss.h>
++#endif /* HAVE_TIRPC_GSS_GETCRED */
++#ifdef HAVE_TIRPC_AUTHDES_GETUCRED
++#include <rpc/auth_des.h>
++#endif /* HAVE_TIRPC_AUTHDES_GETUCRED */
++
++static int nfs_ucred_copy_cred(struct nfs_ucred *cred, uid_t uid, gid_t gid,
++ const gid_t *groups, int ngroups)
++{
++ if (ngroups > 0) {
++ size_t sz = ngroups * sizeof(groups[0]);
++ cred->groups = malloc(sz);
++ if (cred->groups == NULL)
++ return ENOMEM;
++ cred->ngroups = ngroups;
++ memcpy(cred->groups, groups, sz);
++ } else
++ nfs_ucred_init_groups(cred, NULL, 0);
++ cred->uid = uid;
++ cred->gid = gid;
++ return 0;
++}
++
++static int nfs_ucred_init_cred_squashed(struct nfs_ucred *cred,
++ const struct exportent *ep)
++{
++ cred->uid = ep->e_anonuid;
++ cred->gid = ep->e_anongid;
++ nfs_ucred_init_groups(cred, NULL, 0);
++ return 0;
++}
++
++static int nfs_ucred_init_cred(struct nfs_ucred *cred, uid_t uid, gid_t gid,
++ const gid_t *groups, int ngroups,
++ const struct exportent *ep)
++{
++ if (ep->e_flags & NFSEXP_ALLSQUASH) {
++ nfs_ucred_init_cred_squashed(cred, ep);
++ } else if (ep->e_flags & NFSEXP_ROOTSQUASH && uid == 0) {
++ nfs_ucred_init_cred_squashed(cred, ep);
++ if (gid != 0)
++ cred->gid = gid;
++ } else {
++ int ret = nfs_ucred_copy_cred(cred, uid, gid, groups, ngroups);
++ if (ret != 0)
++ return ret;
++ nfs_ucred_squash_groups(cred, ep);
++ }
++ return 0;
++}
++
++static int nfs_ucred_init_null(struct nfs_ucred *cred,
++ const struct exportent *ep)
++{
++ return nfs_ucred_init_cred_squashed(cred, ep);
++}
++
++static int nfs_ucred_init_unix(struct nfs_ucred *cred, struct svc_req *rqst,
++ const struct exportent *ep)
++{
++ struct authunix_parms *aup;
++
++ aup = (struct authunix_parms *)rqst->rq_clntcred;
++ return nfs_ucred_init_cred(cred, aup->aup_uid, aup->aup_gid,
++ aup->aup_gids, aup->aup_len, ep);
++}
++
++#ifdef HAVE_TIRPC_GSS_GETCRED
++static int nfs_ucred_init_gss(struct nfs_ucred *cred, struct svc_req *rqst,
++ const struct exportent *ep)
++{
++ rpc_gss_ucred_t *gss_ucred = NULL;
++
++ if (!rpc_gss_getcred(rqst, NULL, &gss_ucred, NULL) || gss_ucred == NULL)
++ return EINVAL;
++ return nfs_ucred_init_cred(cred, gss_ucred->uid, gss_ucred->gid,
++ gss_ucred->gidlist, gss_ucred->gidlen, ep);
++}
++#endif /* HAVE_TIRPC_GSS_GETCRED */
++
++#ifdef HAVE_TIRPC_AUTHDES_GETUCRED
++int authdes_getucred(struct authdes_cred *adc, uid_t *uid, gid_t *gid,
++ int *grouplen, gid_t *groups);
++
++static int nfs_ucred_init_des(struct nfs_ucred *cred, struct svc_req *rqst,
++ const struct exportent *ep)
++{
++ struct authdes_cred *des_cred;
++ uid_t uid;
++ gid_t gid;
++ int grouplen;
++ gid_t groups[NGROUPS];
++
++ des_cred = (struct authdes_cred *)rqst->rq_clntcred;
++ if (!authdes_getucred(des_cred, &uid, &gid, &grouplen, &groups[0]))
++ return EINVAL;
++ return nfs_ucred_init_cred(cred, uid, gid, groups, grouplen, ep);
++}
++#endif /* HAVE_TIRPC_AUTHDES_GETUCRED */
++
++int nfs_ucred_get(struct nfs_ucred **credp, struct svc_req *rqst,
++ const struct exportent *ep)
++{
++ struct nfs_ucred *cred = malloc(sizeof(*cred));
++ int ret;
++
++ *credp = NULL;
++ if (cred == NULL)
++ return ENOMEM;
++ switch (rqst->rq_cred.oa_flavor) {
++ case AUTH_UNIX:
++ ret = nfs_ucred_init_unix(cred, rqst, ep);
++ break;
++#ifdef HAVE_TIRPC_GSS_GETCRED
++ case RPCSEC_GSS:
++ ret = nfs_ucred_init_gss(cred, rqst, ep);
++ break;
++#endif /* HAVE_TIRPC_GSS_GETCRED */
++#ifdef HAVE_TIRPC_AUTHDES_GETUCRED
++ case AUTH_DES:
++ ret = nfs_ucred_init_des(cred, rqst, ep);
++ break;
++#endif /* HAVE_TIRPC_AUTHDES_GETUCRED */
++ default:
++ ret = nfs_ucred_init_null(cred, ep);
++ break;
++ }
++ if (ret == 0) {
++ *credp = cred;
++ return 0;
++ }
++ free(cred);
++ return ret;
++}
+--
+2.35.6
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
new file mode 100644
index 00000000000..23e18ffdab4
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
@@ -0,0 +1,254 @@
+From 6dc289e68d8432eb4fc4f397fed28435bf600bb1 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Thu, 5 Mar 2026 10:41:02 -0500
+Subject: [PATCH 4/4] Fix access checks when mounting subdirectories in NFSv3
+
+If a NFSv3 client asks to mount a subdirectory of one of the exported
+directories, then apply the RPC credential together with any root
+or all squash rules that would apply to the client in question.
+
+CVE: CVE-2025-12801
+Upstream-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=f36bd900a899088ca1925de079bd58d6205a1f3c]
+
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Scott Mayhew <smayhew@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit f36bd900a899088ca1925de079bd58d6205a1f3c)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ nfs.conf | 1 +
+ support/include/nfsd_path.h | 9 ++++++++-
+ support/misc/nfsd_path.c | 32 ++++++++++++++++++++++++++++++--
+ utils/mountd/mountd.c | 28 ++++++++++++++++++++++++++--
+ utils/mountd/mountd.man | 26 ++++++++++++++++++++++++++
+ 5 files changed, 91 insertions(+), 5 deletions(-)
+
+diff --git a/nfs.conf b/nfs.conf
+index 3cca68c3..ddf0c143 100644
+--- a/nfs.conf
++++ b/nfs.conf
+@@ -46,6 +46,7 @@
+ # ttl=1800
+ [mountd]
+ # debug="all|auth|call|general|parse"
++# apply-root-cred=n
+ # manage-gids=n
+ # descriptors=0
+ # port=0
+diff --git a/support/include/nfsd_path.h b/support/include/nfsd_path.h
+index 3e5a2f5d..06c0f2f4 100644
+--- a/support/include/nfsd_path.h
++++ b/support/include/nfsd_path.h
+@@ -9,6 +9,7 @@
+ struct file_handle;
+ struct statfs;
+ struct nfsd_task_t;
++struct nfs_ucred;
+
+ void nfsd_path_init(void);
+
+@@ -18,7 +19,8 @@ char * nfsd_path_prepend_dir(const char *dir, const char *pathname);
+
+ int nfsd_path_stat(const char *pathname, struct stat *statbuf);
+ int nfsd_path_lstat(const char *pathname, struct stat *statbuf);
+-int nfsd_openat(int dirfd, const char *path, int flags);
++int nfsd_cred_openat(const struct nfs_ucred *cred, int dirfd,
++ const char *path, int flags);
+
+ int nfsd_path_statfs(const char *pathname,
+ struct statfs *statbuf);
+@@ -31,4 +33,9 @@ ssize_t nfsd_path_write(int fd, void* buf, size_t len);
+ int nfsd_name_to_handle_at(int fd, const char *path,
+ struct file_handle *fh,
+ int *mount_id, int flags);
++
++static inline int nfsd_openat(int dirfd, const char *path, int flags)
++{
++ return nfsd_cred_openat(NULL, dirfd, path, flags);
++}
+ #endif
+diff --git a/support/misc/nfsd_path.c b/support/misc/nfsd_path.c
+index dfe88e4f..6466666d 100644
+--- a/support/misc/nfsd_path.c
++++ b/support/misc/nfsd_path.c
+@@ -17,6 +17,7 @@
+ #include "xstat.h"
+ #include "nfslib.h"
+ #include "nfsd_path.h"
++#include "nfs_ucred.h"
+ #include "workqueue.h"
+
+ static struct xthread_workqueue *nfsd_wq = NULL;
+@@ -204,6 +205,7 @@ nfsd_realpath(const char *path, char *resolved_buf)
+ }
+
+ struct nfsd_openat_t {
++ const struct nfs_ucred *cred;
+ const char *path;
+ int dirfd;
+ int flags;
+@@ -220,15 +222,41 @@ static void nfsd_openatfunc(void *data)
+ d->res_error = errno;
+ }
+
+-int nfsd_openat(int dirfd, const char *path, int flags)
++static void nfsd_cred_openatfunc(void *data)
++{
++ struct nfsd_openat_t *d = data;
++ struct nfs_ucred *saved = NULL;
++ int ret;
++
++ ret = nfs_ucred_swap_effective(d->cred, &saved);
++ if (ret != 0) {
++ d->res_fd = -1;
++ d->res_error = ret;
++ return;
++ }
++
++ nfsd_openatfunc(data);
++
++ if (saved != NULL) {
++ nfs_ucred_swap_effective(saved, NULL);
++ nfs_ucred_free(saved);
++ }
++}
++
++int nfsd_cred_openat(const struct nfs_ucred *cred, int dirfd, const char *path,
++ int flags)
+ {
+ struct nfsd_openat_t open_buf = {
++ .cred = cred,
+ .path = path,
+ .dirfd = dirfd,
+ .flags = flags,
+ };
+
+- nfsd_run_task(nfsd_openatfunc, &open_buf);
++ if (cred)
++ nfsd_run_task(nfsd_cred_openatfunc, &open_buf);
++ else
++ nfsd_run_task(nfsd_openatfunc, &open_buf);
+ if (open_buf.res_fd == -1)
+ errno = open_buf.res_error;
+ return open_buf.res_fd;
+diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
+index f43ebef5..6e6777cd 100644
+--- a/utils/mountd/mountd.c
++++ b/utils/mountd/mountd.c
+@@ -31,6 +31,7 @@
+ #include "nfsd_path.h"
+ #include "nfslib.h"
+ #include "export.h"
++#include "nfs_ucred.h"
+
+ extern void my_svc_run(void);
+
+@@ -40,6 +41,7 @@ static struct nfs_fh_len *get_rootfh(struct svc_req *, dirpath *, nfs_export **,
+
+ int reverse_resolve = 0;
+ int manage_gids;
++int apply_root_cred;
+ int use_ipaddr = -1;
+
+ /* PRC: a high-availability callout program can be specified with -H
+@@ -74,9 +76,10 @@ static struct option longopts[] =
+ { "log-auth", 0, 0, 'l'},
+ { "cache-use-ipaddr", 0, 0, 'i'},
+ { "ttl", 1, 0, 'T'},
++ { "apply-root-cred", 0, 0, 'c' },
+ { NULL, 0, 0, 0 }
+ };
+-static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gliT:";
++static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gliT:c";
+
+ #define NFSVERSBIT(vers) (0x1 << (vers - 1))
+ #define NFSVERSBIT_ALL (NFSVERSBIT(2) | NFSVERSBIT(3) | NFSVERSBIT(4))
+@@ -453,11 +456,27 @@ get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ while (*subpath == '/')
+ subpath++;
+ if (*subpath != '\0') {
++ struct nfs_ucred *cred = NULL;
+ int fd;
+
++ /* Load the user cred */
++ if (!apply_root_cred) {
++ nfs_ucred_get(&cred, rqstp, &exp->m_export);
++ if (cred == NULL) {
++ xlog(L_WARNING, "can't retrieve credential");
++ *error = MNT3ERR_ACCES;
++ close(dirfd);
++ return NULL;
++ }
++ if (manage_gids)
++ nfs_ucred_reload_groups(cred, &exp->m_export);
++ }
++
+ /* Just perform a lookup of the path */
+- fd = nfsd_openat(dirfd, subpath, O_PATH);
++ fd = nfsd_cred_openat(cred, dirfd, subpath, O_PATH);
+ close(dirfd);
++ if (cred)
++ nfs_ucred_free(cred);
+ if (fd == -1) {
+ xlog(L_WARNING, "can't open exported dir %s: %s", p,
+ strerror(errno));
+@@ -681,6 +700,8 @@ read_mountd_conf(char **argv)
+ ttl = conf_get_num("mountd", "ttl", default_ttl);
+ if (ttl > 0)
+ default_ttl = ttl;
++ apply_root_cred = conf_get_bool("mountd", "apply-root-cred",
++ apply_root_cred);
+ }
+
+ int
+@@ -794,6 +815,9 @@ main(int argc, char **argv)
+ }
+ default_ttl = ttl;
+ break;
++ case 'c':
++ apply_root_cred = 1;
++ break;
+ case 0:
+ break;
+ case '?':
+diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man
+index a206a3e2..f4f1fc23 100644
+--- a/utils/mountd/mountd.man
++++ b/utils/mountd/mountd.man
+@@ -242,6 +242,32 @@ can support both NFS version 2 and the newer version 3.
+ Print the version of
+ .B rpc.mountd
+ and exit.
++.TP
++.B \-c " or " \-\-apply-root-cred
++When mountd is asked to allow a NFSv3 mount to a subdirectory of the
++exported directory, then it will check if the user asking to mount has
++lookup rights to the directories below that exported directory. When
++performing the check, mountd will apply any root squash or all squash
++rules that were specified for that client.
++
++Performing lookup checks as the user requires that the mountd daemon
++be run as root or that it be given CAP_SETUID and CAP_SETGID privileges
++so that it can change its own effective user and effective group settings.
++When troubleshooting, please also note that LSM frameworks such as SELinux
++can sometimes prevent the daemon from changing the effective user/groups
++despite the capability settings.
++
++In earlier versions of mountd, the same checks were performed using the
++mountd daemon's root privileges, meaning that it could authorise access
++to directories that are not normally accessible to the user requesting
++to mount them. This option enables that legacy behaviour.
++
++.BR Note:
++If there is a need to provide access to specific subdirectories that
++are not normally accessible to a client, it is always possible to add
++export entries that explicitly grant such access. That ability does
++not depend on this option being enabled.
++
+ .TP
+ .B \-g " or " \-\-manage-gids
+ Accept requests from the kernel to map user id numbers into lists of
+--
+2.35.6
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb
index 08e7dd89003..04f65fdff38 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb
@@ -24,6 +24,10 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
file://0004-Use-nogroup-for-nobody-group.patch \
file://0005-find-OE-provided-Kerberos.patch \
+ file://CVE-2025-12801-dependent_p1.patch \
+ file://CVE-2025-12801-dependent_p2.patch \
+ file://CVE-2025-12801-dependent_p3.patch \
+ file://CVE-2025-12801.patch \
"
SRC_URI[sha256sum] = "11c4cc598a434d7d340bad3e072a373ba1dcc2c49f855d44b202222b78ecdbf5"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 07/47] sqlite3: Fix CVE-2025-70873
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (5 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 06/47] nfs-utils: Fix CVE-2025-12801 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 08/47] python3: upgrade 3.13.11 -> 3.13.12 Yoann Congal
` (40 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Pick patch as per [1]
[1] https://sqlite.org/src/info/3d459f1fb1bd1b5e
[2] https://sqlite.org/forum/forumpost/761eac3c82
[3] https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../sqlite/files/CVE-2025-70873.patch | 33 +++++++++++++++++++
meta/recipes-support/sqlite/sqlite3_3.48.0.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch
diff --git a/meta/recipes-support/sqlite/files/CVE-2025-70873.patch b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch
new file mode 100644
index 00000000000..5c8c429a157
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch
@@ -0,0 +1,33 @@
+From 5a05c59d4d75c03f23d5fb70feac9f789954bf8a Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Sat, 6 Dec 2025 20:41:24 +0000
+Subject: [PATCH] In the zipfile extension, only return as many bytes as
+ Inflate actually generated. [forum:/forumpost/761eac3c82|Forum post
+ 761eac3c82]. Adjust ./configure so that it builds zipfile into testfixture if
+ ZLIB is available, so that tests get run on unix platforms.
+
+FossilOrigin-Name: 3d459f1fb1bd1b5e723629c463ab392af7b206ece3388bda216c6a4c26160909
+
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/5a05c59d4d75c03f23d5fb70feac9f789954bf8a]
+CVE: CVE-2025-70873
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ shell.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shell.c b/shell.c
+index ca26f8a..a3f7898 100644
+--- a/shell.c
++++ b/shell.c
+@@ -11141,7 +11141,7 @@ static void zipfileInflate(
+ if( err!=Z_STREAM_END ){
+ zipfileCtxErrorMsg(pCtx, "inflate() failed (%d)", err);
+ }else{
+- sqlite3_result_blob(pCtx, aRes, nOut, zipfileFree);
++ sqlite3_result_blob(pCtx, aRes, (int)str.total_out, zipfileFree);
+ aRes = 0;
+ }
+ }
+--
+2.43.0
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.48.0.bb b/meta/recipes-support/sqlite/sqlite3_3.48.0.bb
index c9ff062255f..df261bdbf86 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.48.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.48.0.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
SRC_URI = "http://www.sqlite.org/2025/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2025-3277.patch \
file://CVE-2025-6965.patch \
+ file://CVE-2025-70873.patch \
"
SRC_URI[sha256sum] = "ac992f7fca3989de7ed1fe99c16363f848794c8c32a158dafd4eb927a2e02fd5"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 08/47] python3: upgrade 3.13.11 -> 3.13.12
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (6 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 07/47] sqlite3: Fix CVE-2025-70873 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 09/47] libarchive: upgrade 3.8.5 -> 3.8.6 Yoann Congal
` (39 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Handles CVE-2025-15282
Release information:
* https://www.python.org/downloads/release/python-31312/
* Python 3.13.12 is the twelfth maintenance release of 3.13, containing around 240 bugfixes, build improvements and documentation changes since 3.13.11.
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
[YC: Full changelog: https://docs.python.org/release/3.13.12/whatsnew/changelog.html ]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python/{python3_3.13.11.bb => python3_3.13.12.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3_3.13.11.bb => python3_3.13.12.bb} (99%)
diff --git a/meta/recipes-devtools/python/python3_3.13.11.bb b/meta/recipes-devtools/python/python3_3.13.12.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.13.11.bb
rename to meta/recipes-devtools/python/python3_3.13.12.bb
index 2bc2389b7e4..e30acebe20d 100644
--- a/meta/recipes-devtools/python/python3_3.13.11.bb
+++ b/meta/recipes-devtools/python/python3_3.13.12.bb
@@ -36,7 +36,7 @@ SRC_URI:append:class-native = " \
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
"
-SRC_URI[sha256sum] = "16ede7bb7cdbfa895d11b0642fa0e523f291e6487194d53cf6d3b338c3a17ea2"
+SRC_URI[sha256sum] = "2a84cd31dd8d8ea8aaff75de66fc1b4b0127dd5799aa50a64ae9a313885b4593"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 09/47] libarchive: upgrade 3.8.5 -> 3.8.6
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (7 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 08/47] python3: upgrade 3.13.11 -> 3.13.12 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 10/47] vim: Fix CVE-2026-33412 Yoann Congal
` (38 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release information [1]:
Libarchive 3.8.6 is a security and bugfix release.
Notable fixes:
* libarchive: fix incompatibility with Nettle 4.x (#2858)
* libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859)
* bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
* 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
* 7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
* RAR5 reader: fix infinite loop in rar5 decompression (#2877)
* RAR5 reader: fix potential memory leak (#2892)
* RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice (#2893)
* CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab (#2895)
* mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775, #2878)
* various small bugfixes in code and documentation
[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.6
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e5d18040b0999dbfaea09b8a8a9f8a4bcac6349)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} (96%)
diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.5.bb b/meta/recipes-extended/libarchive/libarchive_3.8.6.bb
similarity index 96%
rename from meta/recipes-extended/libarchive/libarchive_3.8.5.bb
rename to meta/recipes-extended/libarchive/libarchive_3.8.6.bb
index fcfaf5d2313..c984eb78401 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.8.5.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.6.bb
@@ -32,7 +32,7 @@ EXTRA_OECONF += "--enable-largefile --without-iconv"
SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz"
UPSTREAM_CHECK_URI = "https://www.libarchive.org/"
-SRC_URI[sha256sum] = "8a60f3a7bfd59c54ce82ae805a93dba65defd04148c3333b7eaa2102f03b7ffd"
+SRC_URI[sha256sum] = "213269b05aac957c98f6e944774bb438d0bd168a2ec60b9e4f8d92035925821c"
inherit autotools update-alternatives pkgconfig
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 10/47] vim: Fix CVE-2026-33412
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (8 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 09/47] libarchive: upgrade 3.8.5 -> 3.8.6 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 11/47] vim: Fix CVE-2026-28418 Yoann Congal
` (37 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] also mentioned in NVD report with [2]
[1] https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-33412
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-33412.patch | 61 +++++++++++++++++++
meta/recipes-support/vim/vim.inc | 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-33412.patch b/meta/recipes-support/vim/files/CVE-2026-33412.patch
new file mode 100644
index 00000000000..62daa308b58
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-33412.patch
@@ -0,0 +1,61 @@
+From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001
+From: pyllyukko <pyllyukko@maimed.org>
+Date: Thu, 19 Mar 2026 19:58:05 +0000
+Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in
+ glob()
+
+Problem: The glob() function on Unix-like systems does not escape
+ newline characters when expanding wildcards. A maliciously
+ crafted string containing '\n' can be used as a command
+ separator to execute arbitrary shell commands via
+ mch_expand_wildcards(). This depends on the user's 'shell'
+ setting.
+Solution: Add the newline character ('\n') to the SHELL_SPECIAL
+ definition to ensure it is properly escaped before being
+ passed to the shell (pyllyukko).
+
+closes: #19746
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
+
+Signed-off-by: pyllyukko <pyllyukko@maimed.org>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-33412
+Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/os_unix.c | 2 +-
+ src/version.c | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/os_unix.c b/src/os_unix.c
+index cf195e62e1..d767956b1a 100644
+--- a/src/os_unix.c
++++ b/src/os_unix.c
+@@ -7106,7 +7106,7 @@ mch_expandpath(
+ # define SEEK_END 2
+ #endif
+
+-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|"
++# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n"
+
+ int
+ mch_expand_wildcards(
+diff --git a/src/version.c b/src/version.c
+index 4f3912aedd..712a3e637c 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -724,6 +724,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1684,
+ /**/
+ 1683,
+ /**/
+--
+2.50.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 792a46faf75..c29361cf3c0 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
file://no-path-adjust.patch \
file://CVE-2026-25749.patch \
file://CVE-2026-26269.patch \
+ file://CVE-2026-33412.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 11/47] vim: Fix CVE-2026-28418
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (9 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 10/47] vim: Fix CVE-2026-33412 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 12/47] vim: Fix CVE-2026-28419 Yoann Congal
` (36 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] also mentioned in [2]
[1] https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-28418
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-28418.patch | 78 +++++++++++++++++++
meta/recipes-support/vim/vim.inc | 1 +
2 files changed, 79 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28418.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-28418.patch b/meta/recipes-support/vim/files/CVE-2026-28418.patch
new file mode 100644
index 00000000000..3a80ba77f7d
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-28418.patch
@@ -0,0 +1,78 @@
+From f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 23 Feb 2026 18:30:11 +0000
+Subject: [PATCH] patch 9.2.0074: [security]: Crash with overlong emacs tag
+ file
+
+Problem: Crash with overlong emacs tag file, because of an OOB buffer
+ read (ehdgks0627, un3xploitable)
+Solution: Check for end of buffer and return early.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-28418
+Upstream-Status: Backport [https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/tag.c | 3 +++
+ src/testdir/test_taglist.vim | 15 +++++++++++++++
+ src/version.c | 2 ++
+ 3 files changed, 20 insertions(+)
+
+diff --git a/src/tag.c b/src/tag.c
+index a32bbb2459..45af67f20d 100644
+--- a/src/tag.c
++++ b/src/tag.c
+@@ -1902,6 +1902,9 @@ emacs_tags_new_filename(findtags_state_T *st)
+
+ for (p = st->ebuf; *p && *p != ','; p++)
+ ;
++ // invalid
++ if (*p == NUL)
++ return;
+ *p = NUL;
+
+ // check for an included tags file.
+diff --git a/src/testdir/test_taglist.vim b/src/testdir/test_taglist.vim
+index 5a946042be..506e64f7ae 100644
+--- a/src/testdir/test_taglist.vim
++++ b/src/testdir/test_taglist.vim
+@@ -301,4 +301,19 @@ func Test_tag_complete_with_overlong_line()
+ set tags&
+ endfunc
+
++" This used to crash Vim
++func Test_evil_emacs_tagfile()
++ CheckFeature emacs_tags
++ let longline = repeat('a', 515)
++ call writefile([
++ \ "\x0c",
++ \ longline
++ \ ], 'Xtags', 'D')
++ set tags=Xtags
++
++ call assert_fails(':tag a', 'E426:')
++
++ set tags&
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index 712a3e637c..7d265ab641 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -724,6 +724,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1685,
+ /**/
+ 1684,
+ /**/
+--
+2.50.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index c29361cf3c0..11200a08240 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
file://CVE-2026-25749.patch \
file://CVE-2026-26269.patch \
file://CVE-2026-33412.patch \
+ file://CVE-2026-28418.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 12/47] vim: Fix CVE-2026-28419
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (10 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 11/47] vim: Fix CVE-2026-28418 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 13/47] binutils: Fix build with GLIBC 2.43 on the host Yoann Congal
` (35 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] also mentioned in [2]
[1] https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812812d580c7879f4a0
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-28419
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-28419.patch | 86 +++++++++++++++++++
meta/recipes-support/vim/vim.inc | 1 +
2 files changed, 87 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28419.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-28419.patch b/meta/recipes-support/vim/files/CVE-2026-28419.patch
new file mode 100644
index 00000000000..91100a7e91e
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-28419.patch
@@ -0,0 +1,86 @@
+From 9b7dfa2948c9e1e5e32a5812812d580c7879f4a0 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 23 Feb 2026 19:35:25 +0000
+Subject: [PATCH] patch 9.2.0075: [security]: Buffer underflow with emacs tag
+ file
+
+Problem: When parsing a malformed Emacs-style tags file, a 1-byte
+ heap-buffer-underflow read occurs if the 0x7f delimiter
+ appears at the very beginning of a line. This happens
+ because the code attempts to scan backward for a tag
+ name from the delimiter without checking if space exists.
+ (ehdgks0627, un3xploitable)
+Solution: Add a check to ensure the delimiter (p_7f) is not at the
+ start of the buffer (lbuf) before attempting to isolate
+ the tag name.
+
+GitHub Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+
+CVE: CVE-2026-28419
+Upstream-Status: Backport [https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812812d580c7879f4a0]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/tag.c | 3 +++
+ src/testdir/test_taglist.vim | 16 ++++++++++++++++
+ src/version.c | 2 ++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/src/tag.c b/src/tag.c
+index 45af67f20d..d3a73997bb 100644
+--- a/src/tag.c
++++ b/src/tag.c
+@@ -2023,6 +2023,9 @@ etag_fail:
+ }
+ else // second format: isolate tagname
+ {
++ if (p_7f == lbuf)
++ goto etag_fail;
++
+ // find end of tagname
+ for (p = p_7f - 1; !vim_iswordc(*p); --p)
+ if (p == lbuf)
+diff --git a/src/testdir/test_taglist.vim b/src/testdir/test_taglist.vim
+index 506e64f7ae..42ecc4b76e 100644
+--- a/src/testdir/test_taglist.vim
++++ b/src/testdir/test_taglist.vim
+@@ -316,4 +316,20 @@ func Test_evil_emacs_tagfile()
+ set tags&
+ endfunc
+
++" This used to crash Vim due to a heap-buffer-underflow
++func Test_emacs_tagfile_underflow()
++ CheckFeature emacs_tags
++ " The sequence from the crash artifact:
++ let lines = [
++ \ "\x0c\xff\xffT\x19\x8a",
++ \ "\x19\x19\x0dtags\x19\x19\x19\x00\xff\xff\xff",
++ \ "\x7f3\x0c"
++ \ ]
++ call writefile(lines, 'Xtags', 'D')
++ set tags=Xtags
++ call assert_fails(':tag a', 'E431:')
++
++ set tags&
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index 7d265ab641..4f47ec2688 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -724,6 +724,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1686,
+ /**/
+ 1685,
+ /**/
+--
+2.50.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 11200a08240..70d3dbf7d8c 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV}
file://CVE-2026-26269.patch \
file://CVE-2026-33412.patch \
file://CVE-2026-28418.patch \
+ file://CVE-2026-28419.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 13/47] binutils: Fix build with GLIBC 2.43 on the host
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (11 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 12/47] vim: Fix CVE-2026-28419 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 14/47] gcc: backport a fix for building with gcc-16 Yoann Congal
` (34 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Zoltán Böszörményi <zboszor@gmail.com>
Added a patch to fix a build error in the CALL_UTIL() macro
when built against GLIBC 2.43 on Fedora 44. This fixes
binutils-native.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.45.inc | 1 +
...tect-against-standard-library-macros.patch | 34 +++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/0001-gprofng-protect-against-standard-library-macros.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index f635d76069a..81d46bfb734 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -52,4 +52,5 @@ SRC_URI = "\
file://CVE-2025-69644_CVE-2025-69647.patch \
file://CVE-2025-69649.patch \
file://CVE-2025-69652.patch \
+ file://0001-gprofng-protect-against-standard-library-macros.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/0001-gprofng-protect-against-standard-library-macros.patch b/meta/recipes-devtools/binutils/binutils/0001-gprofng-protect-against-standard-library-macros.patch
new file mode 100644
index 00000000000..b626c51b6cd
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0001-gprofng-protect-against-standard-library-macros.patch
@@ -0,0 +1,34 @@
+From 5f66aee7f4bec7a2d8378034116f5e5c3dc50f41 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Sat, 22 Nov 2025 11:29:43 +0100
+Subject: [PATCH] gprofng: protect against standard library macros
+
+The CALL_UTIL macro can expand to an unparsable expression of the argument
+is a macro, like with the new const-preserving standard library macros in
+C23.
+
+ * gprofng/src/collector_module.h (CALL_UTIL): Add parens to not
+ expand its argument if it is a function-like macro.
+
+Signed-off-by: Andreas Schwab <schwab@suse.de>
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=5f66aee7f4bec7a2d8378034116f5e5c3dc50f41]
+---
+ gprofng/src/collector_module.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gprofng/src/collector_module.h b/gprofng/src/collector_module.h
+index b64d69c45ab..859a6dd1f7d 100644
+--- a/gprofng/src/collector_module.h
++++ b/gprofng/src/collector_module.h
+@@ -119,7 +119,7 @@ typedef struct CollectorUtilFuncs
+ extern CollectorUtilFuncs __collector_util_funcs;
+ extern int __collector_dlsym_guard;
+
+-#define CALL_UTIL(x) __collector_util_funcs.x
++#define CALL_UTIL(x) (__collector_util_funcs.x)
+
+ /* The following constants define the meaning of the "void *arg"
+ * argument of getFrameInfo().
+--
+2.53.0
+
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 14/47] gcc: backport a fix for building with gcc-16
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (12 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 13/47] binutils: Fix build with GLIBC 2.43 on the host Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 15/47] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 Yoann Congal
` (33 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Fixes:
https://errors.yoctoproject.org/Errors/Details/905192/
when building on host with gcc-16
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9eabea38f0c17d41d97284d63a25e45da3c9bbcc)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/gcc/gcc-15.2.inc | 1 +
...dy-Make-it-buildable-by-C-11-to-C-26.patch | 257 ++++++++++++++++++
2 files changed, 258 insertions(+)
create mode 100644 meta/recipes-devtools/gcc/gcc/0028-libcody-Make-it-buildable-by-C-11-to-C-26.patch
diff --git a/meta/recipes-devtools/gcc/gcc-15.2.inc b/meta/recipes-devtools/gcc/gcc-15.2.inc
index d178b254878..69eff3621d0 100644
--- a/meta/recipes-devtools/gcc/gcc-15.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-15.2.inc
@@ -73,6 +73,7 @@ SRC_URI = "${BASEURI} \
file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \
file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
file://0026-fix-pr90579-testcases.patch \
+ file://0028-libcody-Make-it-buildable-by-C-11-to-C-26.patch \
"
UNPACKDIR = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/sources"
diff --git a/meta/recipes-devtools/gcc/gcc/0028-libcody-Make-it-buildable-by-C-11-to-C-26.patch b/meta/recipes-devtools/gcc/gcc/0028-libcody-Make-it-buildable-by-C-11-to-C-26.patch
new file mode 100644
index 00000000000..431facb0110
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0028-libcody-Make-it-buildable-by-C-11-to-C-26.patch
@@ -0,0 +1,257 @@
+From 0ffe3c9af4e5d5468df742512b6e930fe7039230 Mon Sep 17 00:00:00 2001
+From: Jakub Jelinek <jakub@redhat.com>
+Date: Fri, 21 Nov 2025 16:25:58 +0100
+Subject: [PATCH] libcody: Make it buildable by C++11 to C++26
+
+The following builds with -std=c++11 and c++14 and c++17 and c++20 and c++23
+and c++26.
+
+I see the u8 string literals are mixed e.g. with strerror, so in
+-fexec-charset=IBM1047 there will still be garbage, so am not 100% sure if
+the u8 literals everywhere are worth it either.
+
+2025-11-21 Jakub Jelinek <jakub@redhat.com>
+
+ * cody.hh (S2C): For __cpp_char8_t >= 201811 use char8_t instead of
+ char in argument type.
+ (MessageBuffer::Space): Revert 2025-11-15 change.
+ (MessageBuffer::Append): For __cpp_char8_t >= 201811 add overload
+ with char8_t const * type of first argument.
+ (Packet::Packet): Similarly for first argument.
+ * client.cc (CommunicationError, Client::ProcessResponse,
+ Client::Connect, ConnectResponse, PathnameResponse, OKResponse,
+ IncludeTranslateResponse): Cast u8 string literals to (const char *)
+ where needed.
+ * server.cc (Server::ProcessRequests, ConnectRequest): Likewise.
+
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [07a767c7a50d1daae8ef7d4aba73fe53ad40c0b7]
+---
+ libcody/client.cc | 36 +++++++++++++++++++-----------------
+ libcody/cody.hh | 22 ++++++++++++++++++++++
+ libcody/server.cc | 28 ++++++++++++++--------------
+ 3 files changed, 55 insertions(+), 31 deletions(-)
+
+diff --git a/libcody/client.cc b/libcody/client.cc
+index ae69d190cb77..147fecdbe500 100644
+--- a/libcody/client.cc
++++ b/libcody/client.cc
+@@ -97,7 +97,7 @@ int Client::CommunicateWithServer ()
+
+ static Packet CommunicationError (int err)
+ {
+- std::string e {u8"communication error:"};
++ std::string e {(const char *) u8"communication error:"};
+ e.append (strerror (err));
+
+ return Packet (Client::PC_ERROR, std::move (e));
+@@ -110,33 +110,34 @@ Packet Client::ProcessResponse (std::vector<std::string> &words,
+ {
+ if (e == EINVAL)
+ {
+- std::string msg (u8"malformed string '");
++ std::string msg ((const char *) u8"malformed string '");
+ msg.append (words[0]);
+- msg.append (u8"'");
++ msg.append ((const char *) u8"'");
+ return Packet (Client::PC_ERROR, std::move (msg));
+ }
+ else
+- return Packet (Client::PC_ERROR, u8"missing response");
++ return Packet (Client::PC_ERROR, (const char *) u8"missing response");
+ }
+
+ Assert (!words.empty ());
+- if (words[0] == u8"ERROR")
++ if (words[0] == (const char *) u8"ERROR")
+ return Packet (Client::PC_ERROR,
+- words.size () == 2 ? words[1]: u8"malformed error response");
++ words.size () == 2 ? words[1]
++ : (const char *) u8"malformed error response");
+
+ if (isLast && !read.IsAtEnd ())
+ return Packet (Client::PC_ERROR,
+- std::string (u8"unexpected extra response"));
++ std::string ((const char *) u8"unexpected extra response"));
+
+ Assert (code < Detail::RC_HWM);
+ Packet result (responseTable[code] (words));
+ result.SetRequest (code);
+ if (result.GetCode () == Client::PC_ERROR && result.GetString ().empty ())
+ {
+- std::string msg {u8"malformed response '"};
++ std::string msg {(const char *) u8"malformed response '"};
+
+ read.LexedLine (msg);
+- msg.append (u8"'");
++ msg.append ((const char *) u8"'");
+ result.GetString () = std::move (msg);
+ }
+ else if (result.GetCode () == Client::PC_CONNECT)
+@@ -199,7 +200,7 @@ Packet Client::Connect (char const *agent, char const *ident,
+ size_t alen, size_t ilen)
+ {
+ write.BeginLine ();
+- write.AppendWord (u8"HELLO");
++ write.AppendWord ((const char *) u8"HELLO");
+ write.AppendInteger (Version);
+ write.AppendWord (agent, true, alen);
+ write.AppendWord (ident, true, ilen);
+@@ -211,7 +212,8 @@ Packet Client::Connect (char const *agent, char const *ident,
+ // HELLO $version $agent [$flags]
+ Packet ConnectResponse (std::vector<std::string> &words)
+ {
+- if (words[0] == u8"HELLO" && (words.size () == 3 || words.size () == 4))
++ if (words[0] == (const char *) u8"HELLO"
++ && (words.size () == 3 || words.size () == 4))
+ {
+ char *eptr;
+ unsigned long val = strtoul (words[1].c_str (), &eptr, 10);
+@@ -247,7 +249,7 @@ Packet Client::ModuleRepo ()
+ // PATHNAME $dir | ERROR
+ Packet PathnameResponse (std::vector<std::string> &words)
+ {
+- if (words[0] == u8"PATHNAME" && words.size () == 2)
++ if (words[0] == (const char *) u8"PATHNAME" && words.size () == 2)
+ return Packet (Client::PC_PATHNAME, std::move (words[1]));
+
+ return Packet (Client::PC_ERROR, u8"");
+@@ -256,7 +258,7 @@ Packet PathnameResponse (std::vector<std::string> &words)
+ // OK or ERROR
+ Packet OKResponse (std::vector<std::string> &words)
+ {
+- if (words[0] == u8"OK")
++ if (words[0] == (const char *) u8"OK")
+ return Packet (Client::PC_OK);
+ else
+ return Packet (Client::PC_ERROR,
+@@ -319,11 +321,11 @@ Packet Client::IncludeTranslate (char const *include, Flags flags, size_t ilen)
+ // PATHNAME $cmifile
+ Packet IncludeTranslateResponse (std::vector<std::string> &words)
+ {
+- if (words[0] == u8"BOOL" && words.size () == 2)
++ if (words[0] == (const char *) u8"BOOL" && words.size () == 2)
+ {
+- if (words[1] == u8"FALSE")
+- return Packet (Client::PC_BOOL, 0);
+- else if (words[1] == u8"TRUE")
++ if (words[1] == (const char *) u8"FALSE")
++ return Packet (Client::PC_BOOL);
++ else if (words[1] == (const char *) u8"TRUE")
+ return Packet (Client::PC_BOOL, 1);
+ else
+ return Packet (Client::PC_ERROR, u8"");
+diff --git a/libcody/cody.hh b/libcody/cody.hh
+index 789ce9e70b75..93bce93aa94d 100644
+--- a/libcody/cody.hh
++++ b/libcody/cody.hh
+@@ -47,12 +47,21 @@ namespace Detail {
+
+ // C++11 doesn't have utf8 character literals :(
+
++#if __cpp_char8_t >= 201811
++template<unsigned I>
++constexpr char S2C (char8_t const (&s)[I])
++{
++ static_assert (I == 2, "only single octet strings may be converted");
++ return s[0];
++}
++#else
+ template<unsigned I>
+ constexpr char S2C (char const (&s)[I])
+ {
+ static_assert (I == 2, "only single octet strings may be converted");
+ return s[0];
+ }
++#endif
+
+ /// Internal buffering class. Used to concatenate outgoing messages
+ /// and Lex incoming ones.
+@@ -123,6 +132,13 @@ public:
+ Space ();
+ Append (str, maybe_quote, len);
+ }
++#if __cpp_char8_t >= 201811
++ void AppendWord (char8_t const *str, bool maybe_quote = false,
++ size_t len = ~size_t (0))
++ {
++ AppendWord ((const char *) str, maybe_quote, len);
++ }
++#endif
+ /// Add a word as with AppendWord
+ /// @param str the string to append
+ /// @param maybe_quote string might need quoting, as for Append
+@@ -264,6 +280,12 @@ public:
+ : string (s), cat (STRING), code (c)
+ {
+ }
++#if __cpp_char8_t >= 201811
++ Packet (unsigned c, const char8_t *s)
++ : string ((const char *) s), cat (STRING), code (c)
++ {
++ }
++#endif
+ Packet (unsigned c, std::vector<std::string> &&v)
+ : vector (std::move (v)), cat (VECTOR), code (c)
+ {
+diff --git a/libcody/server.cc b/libcody/server.cc
+index e2fa069bb933..c18469fae843 100644
+--- a/libcody/server.cc
++++ b/libcody/server.cc
+@@ -36,12 +36,12 @@ static RequestPair
+ const requestTable[Detail::RC_HWM] =
+ {
+ // Same order as enum RequestCode
+- RequestPair {u8"HELLO", nullptr},
+- RequestPair {u8"MODULE-REPO", ModuleRepoRequest},
+- RequestPair {u8"MODULE-EXPORT", ModuleExportRequest},
+- RequestPair {u8"MODULE-IMPORT", ModuleImportRequest},
+- RequestPair {u8"MODULE-COMPILED", ModuleCompiledRequest},
+- RequestPair {u8"INCLUDE-TRANSLATE", IncludeTranslateRequest},
++ RequestPair {(const char *) u8"HELLO", nullptr},
++ RequestPair {(const char *) u8"MODULE-REPO", ModuleRepoRequest},
++ RequestPair {(const char *) u8"MODULE-EXPORT", ModuleExportRequest},
++ RequestPair {(const char *) u8"MODULE-IMPORT", ModuleImportRequest},
++ RequestPair {(const char *) u8"MODULE-COMPILED", ModuleCompiledRequest},
++ RequestPair {(const char *) u8"INCLUDE-TRANSLATE", IncludeTranslateRequest},
+ };
+ }
+
+@@ -135,21 +135,21 @@ void Server::ProcessRequests (void)
+ std::string msg;
+
+ if (err > 0)
+- msg = u8"error processing '";
++ msg = (const char *) u8"error processing '";
+ else if (ix >= Detail::RC_HWM)
+- msg = u8"unrecognized '";
++ msg = (const char *) u8"unrecognized '";
+ else if (IsConnected () && ix == Detail::RC_CONNECT)
+- msg = u8"already connected '";
++ msg = (const char *) u8"already connected '";
+ else if (!IsConnected () && ix != Detail::RC_CONNECT)
+- msg = u8"not connected '";
++ msg = (const char *) u8"not connected '";
+ else
+- msg = u8"malformed '";
++ msg = (const char *) u8"malformed '";
+
+ read.LexedLine (msg);
+- msg.append (u8"'");
++ msg.append ((const char *) u8"'");
+ if (err > 0)
+ {
+- msg.append (u8" ");
++ msg.append ((const char *) u8" ");
+ msg.append (strerror (err));
+ }
+ resolver->ErrorResponse (this, std::move (msg));
+@@ -176,7 +176,7 @@ Resolver *ConnectRequest (Server *s, Resolver *r,
+ return nullptr;
+
+ if (words.size () == 3)
+- words.emplace_back (u8"");
++ words.emplace_back ((const char *) u8"");
+ unsigned version = ParseUnsigned (words[1]);
+ if (version == ~0u)
+ return nullptr;
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 15/47] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (13 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 14/47] gcc: backport a fix for building with gcc-16 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 16/47] openssl: upgrade 3.5.5 -> 3.5.6 Yoann Congal
` (32 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
2025.09.3
---------
Fixed FIT image vulnerability
https://lore.barebox.org/barebox/abljJRMecNdejSD0@pengutronix.de/
Changelog:
https://github.com/barebox/barebox/compare/v2025.09.2...v2025.09.3
2025.09.2
---------
Changelog:
https://github.com/barebox/barebox/compare/v2025.09.1...v2025.09.2
2025.09.1
---------
This stable release is specifically targeted at whinlatter which is
currently at v2025.09.0
https://lore.barebox.org/barebox/aUkaSKDePHF8__LB@pengutronix.de/
Changelog:
https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.1
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-bsp/barebox/barebox-common.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc
index e41d0858fd9..91865b4d44c 100644
--- a/meta/recipes-bsp/barebox/barebox-common.inc
+++ b/meta/recipes-bsp/barebox/barebox-common.inc
@@ -3,6 +3,6 @@ SECTION = "bootloaders"
LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192"
-PV = "2025.09.0"
+PV = "2025.09.3"
SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2"
-SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d"
+SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 16/47] openssl: upgrade 3.5.5 -> 3.5.6
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (14 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 15/47] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 17/47] go: upgrade 1.25.8 -> 1.25.9 Yoann Congal
` (31 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release information [1]:
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this release is Medium.
This release incorporates the following bug fixes and mitigations:
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. (CVE-2026-31790)
* Fixed loss of key agreement group tuple structure when the DEFAULT keyword is used in
the server-side configuration of the key-agreement group list. (CVE-2026-2673)
* Fixed potential use-after-free in DANE client code. (CVE-2026-28387)
* Fixed NULL pointer dereference when processing a delta CRL. (CVE-2026-28388)
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. (CVE-2026-28389)
* Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. (CVE-2026-28390)
* Fixed heap buffer overflow in hexadecimal conversion. (CVE-2026-31789)
[1] https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-355-and-openssl-356-7-apr-2026
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fc25ce383ddcb1185c193ff2b10f9116741eb316)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...1-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | 2 +-
.../openssl/{openssl_3.5.5.bb => openssl_3.5.6.bb} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_3.5.5.bb => openssl_3.5.6.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index dadc034c913..bfbfedbd67e 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -38,7 +38,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
index 09303c4..011bda1 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -513,13 +513,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -514,13 +514,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.6.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.5.5.bb
rename to meta/recipes-connectivity/openssl/openssl_3.5.6.bb
index c0d02b617ba..cbe7ed144e0 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.6.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"
+SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736"
inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 17/47] go: upgrade 1.25.8 -> 1.25.9
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (15 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 16/47] openssl: upgrade 3.5.5 -> 3.5.6 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 18/47] dtc: backport fix for build with glibc-2.43 Yoann Congal
` (30 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.8..go1.25.9
7076e01d9d (tag: go1.25.9) [release-branch.go1.25] go1.25.9
abaa0cbb25 [release-branch.go1.25] cmd/go: disallow cgo trust boundary bypass
02f574a830 [release-branch.go1.25] crypto/tls: prevent deadlock when client sends multiple key update messages
82b0cdb741 [release-branch.go1.25] archive/tar: limit the number of old GNU sparse format entries
7d2dd3488c [release-branch.go1.25] cmd/compile: fix loopbce overflow check logic
72cc33629a [release-branch.go1.25] cmd/compile: fix mem access overlap detection
3ed3169244 [release-branch.go1.25] html/template: properly track JS template literal brace depth across contexts
4c79c4223e [release-branch.go1.25] internal/syscall/unix: properly support AT_SYMLINK_NOFOLLOW on Linux
edc1e4a5f2 [release-branch.go1.25] crypto/x509: fix signature checking limit
210b8112b1 [release-branch.go1.25] crypto/x509: hoist policy pruning out of loop
93a4f03ed8 [release-branch.go1.25] runtime/race: apply LLVM zero-initialization fix
cff64a5cf3 [release-branch.go1.25] cmd/go: tests: rename git-min-vers->git-sha256
7301bd39d1 [release-branch.go1.25] cmd/go: skip git sha256 tests if git < 2.29
f9532f001a [release-branch.go1.25] test/fixedbugs: remove issue46234 test timeout
4f81fbf332 [release-branch.go1.25] doc: remove template use in godebug.md
aed39507b1 [release-branch.go1.25] cmd/go/internal/cache: update trim timestamp before trimming
9a6627a5db [release-branch.go1.25] crypto/x509: fix wildcard domain exclusions.
19c660de6b [release-branch.go1.25] cmd/compile/internal/typecheck: simplify tcSliceHeader
b02c84a684 [release-branch.go1.25] cmd/internal/testdir: pass -buildid to link command
814b540c17 [release-branch.go1.25] cmd/internal/testdir: unify link command
de86eaeb0f [release-branch.go1.25] cmd/cgo/internal/test: use (syntactic) constant for C array bound
Fixes CVE-2026-32282, CVE-2026-32289, CVE-2026-27144, CVE-2026-27143,
CVE-2026-32288, CVE-2026-32283, CVE-2026-27140, CVE-2026-32280 and
CVE-2026-32281.
Release information: [2]
[1] https://github.com/golang/go/compare/go1.25.8...go1.25.9
[2] https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/{go-1.25.8.inc => go-1.25.9.inc} | 2 +-
...binary-native_1.25.8.bb => go-binary-native_1.25.9.bb} | 6 +++---
...oss-canadian_1.25.8.bb => go-cross-canadian_1.25.9.bb} | 0
.../go/{go-cross_1.25.8.bb => go-cross_1.25.9.bb} | 0
.../go/{go-crosssdk_1.25.8.bb => go-crosssdk_1.25.9.bb} | 0
.../go/{go-runtime_1.25.8.bb => go-runtime_1.25.9.bb} | 0
...go-make-content-based-hash-generation-less-pedan.patch | 8 ++++----
.../go/0006-cmd-go-make-GOROOT-precious-by-default.patch | 2 +-
meta/recipes-devtools/go/{go_1.25.8.bb => go_1.25.9.bb} | 0
9 files changed, 9 insertions(+), 9 deletions(-)
rename meta/recipes-devtools/go/{go-1.25.8.inc => go-1.25.9.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.8.bb => go-binary-native_1.25.9.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.8.bb => go-cross-canadian_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.8.bb => go-cross_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.8.bb => go-crosssdk_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.8.bb => go-runtime_1.25.9.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.8.bb => go_1.25.9.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.25.8.inc b/meta/recipes-devtools/go/go-1.25.9.inc
similarity index 91%
rename from meta/recipes-devtools/go/go-1.25.8.inc
rename to meta/recipes-devtools/go/go-1.25.9.inc
index 5db1b1c04cb..9a96f6f1704 100644
--- a/meta/recipes-devtools/go/go-1.25.8.inc
+++ b/meta/recipes-devtools/go/go-1.25.9.inc
@@ -18,4 +18,4 @@ SRC_URI += "\
file://0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch \
file://0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch \
"
-SRC_URI[main.sha256sum] = "e988d4a2446ac7fe3f6daa089a58e9936a52a381355adec1c8983230a8d6c59e"
+SRC_URI[main.sha256sum] = "0ec9ef8ebcea097aac37decae9f09a7218b451cd96be7d6ed513d8e4bcf909cf"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.25.8.bb b/meta/recipes-devtools/go/go-binary-native_1.25.9.bb
similarity index 79%
rename from meta/recipes-devtools/go/go-binary-native_1.25.8.bb
rename to meta/recipes-devtools/go/go-binary-native_1.25.9.bb
index df6cb542fb6..b11b822c946 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.25.8.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.25.9.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "ceb5e041bbc3893846bd1614d76cb4681c91dadee579426cf21a63f2d7e03be6"
-SRC_URI[go_linux_arm64.sha256sum] = "7d137f59f66bb93f40a6b2b11e713adc2a9d0c8d9ae581718e3fad19e5295dc7"
-SRC_URI[go_linux_ppc64le.sha256sum] = "28ed144a945e4d7188c93f8d85fb772a98ed18f8f9f8d3a650696b739f8cc57c"
+SRC_URI[go_linux_amd64.sha256sum] = "00859d7bd6defe8bf84d9db9e57b9a4467b2887c18cd93ae7460e713db774bc1"
+SRC_URI[go_linux_arm64.sha256sum] = "ec342e7389b7f489564ed5463c63b16cf8040023dabc7861256677165a8c0e2b"
+SRC_URI[go_linux_ppc64le.sha256sum] = "b0c41c7da1fc8d39020d65296a0dc54167afd9f76d67064e22c31ce3d839a739"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.25.8.bb b/meta/recipes-devtools/go/go-cross-canadian_1.25.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.25.8.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.25.9.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.25.8.bb b/meta/recipes-devtools/go/go-cross_1.25.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.25.8.bb
rename to meta/recipes-devtools/go/go-cross_1.25.9.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.25.8.bb b/meta/recipes-devtools/go/go-crosssdk_1.25.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.25.8.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.25.9.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.25.8.bb b/meta/recipes-devtools/go/go-runtime_1.25.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.25.8.bb
rename to meta/recipes-devtools/go/go-runtime_1.25.9.bb
diff --git a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
index 6d75266cbe6..921e59c4a20 100644
--- a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
+++ b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -109,7 +109,7 @@ index 7b073165d5..1f618be0bb 100644
}
// Configuration specific to compiler toolchain.
-@@ -2639,8 +2641,25 @@ func envList(key, def string) []string {
+@@ -2636,8 +2638,25 @@ func envList(key, def string) []string {
return args
}
@@ -136,7 +136,7 @@ index 7b073165d5..1f618be0bb 100644
if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil {
return
}
-@@ -2656,6 +2675,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
+@@ -2653,6 +2672,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
if ldflags, err = buildFlags("LDFLAGS", DefaultCFlags, p.CgoLDFLAGS, checkLinkerFlags); err != nil {
return
}
@@ -150,7 +150,7 @@ index 7b073165d5..1f618be0bb 100644
return
}
-@@ -2673,7 +2699,7 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo
+@@ -2670,7 +2696,7 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo
p := a.Package
sh := b.Shell(a)
@@ -159,7 +159,7 @@ index 7b073165d5..1f618be0bb 100644
if err != nil {
return nil, nil, err
}
-@@ -3237,7 +3263,7 @@ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx
+@@ -3238,7 +3264,7 @@ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx
p := a.Package
sh := b.Shell(a)
diff --git a/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch b/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch
index 15ffdb3cf38..4ac478be851 100644
--- a/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch
+++ b/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch
@@ -94,7 +94,7 @@ index 1f618be0bb..651fa64582 100644
if err := sh.Mkdir(a.Objdir); err != nil {
return err
}
-@@ -1739,6 +1756,14 @@ func (b *Builder) linkShared(ctx context.Context, a *Action) (err error) {
+@@ -1736,6 +1753,14 @@ func (b *Builder) linkShared(ctx context.Context, a *Action) (err error) {
return err
}
diff --git a/meta/recipes-devtools/go/go_1.25.8.bb b/meta/recipes-devtools/go/go_1.25.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.25.8.bb
rename to meta/recipes-devtools/go/go_1.25.9.bb
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 18/47] dtc: backport fix for build with glibc-2.43
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (16 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 17/47] go: upgrade 1.25.8 -> 1.25.9 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 19/47] pseudo: Add fix for glibc 2.43 Yoann Congal
` (29 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
glibc-2.43 isn't used in OE builds yet, but this fixes dtc-native:
https://errors.yoctoproject.org/Errors/Details/903983/
../sources/dtc-1.7.2/libfdt/fdt_overlay.c: In function ‘overlay_fixup_phandle’:
../sources/dtc-1.7.2/libfdt/fdt_overlay.c:424:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
424 | sep = memchr(fixup_str, ':', fixup_len);
| ^
../sources/dtc-1.7.2/libfdt/fdt_overlay.c:434:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
434 | sep = memchr(name, ':', fixup_len);
| ^
cc1: all warnings being treated as errors
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 28552a7b6c94060c7ab3899619ab8afb74124d02)
[YC: fixed the Upstream-Status Backport URL]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../0001-Fix-discarded-const-qualifiers.patch | 83 +++++++++++++++++++
meta/recipes-kernel/dtc/dtc_1.7.2.bb | 1 +
2 files changed, 84 insertions(+)
create mode 100644 meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
diff --git a/meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch b/meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
new file mode 100644
index 00000000000..de06ab37231
--- /dev/null
+++ b/meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
@@ -0,0 +1,83 @@
+From c58beee7bec0774f12202511c97beb741ff2b534 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 6 Jan 2026 14:19:30 -0500
+Subject: [PATCH] Fix discarded const qualifiers
+
+It's unsafe to implicitly discard the const qualifier on a pointer. In
+overlay_fixup_phandle(), this was probably just an oversight, and making
+the "sep" variable a const char * is sufficient to fix it.
+
+In create_node(), however, the "p" variable is directly modifying the
+buffer pointed to by "const char* node_name". To fix this, we need to
+actually make a duplicate of the buffer and operate on that instead.
+
+This introduces a malloc()/free() and an unbounded strdup() into the
+operation, but fdtput isn't a long-running service and the node_name
+argument comes directly from argv, so this shouldn't introduce a
+significant performance impact.
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/dtc/dtc.git/commit/?h=main&id=9a1c801a1a3c102bf95c5339c9e985b26b823a21]
+---
+ fdtput.c | 8 +++++---
+ libfdt/fdt_overlay.c | 3 ++-
+ meson.build | 1 +
+ 3 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/fdtput.c b/fdtput.c
+index c2fecf4..8deec7e 100644
+--- a/fdtput.c
++++ b/fdtput.c
+@@ -230,19 +230,21 @@ static int create_paths(char **blob, const char *in_path)
+ static int create_node(char **blob, const char *node_name)
+ {
+ int node = 0;
+- char *p;
++ const char *p;
++ char *path = NULL;
+
+ p = strrchr(node_name, '/');
+ if (!p) {
+ report_error(node_name, -1, -FDT_ERR_BADPATH);
+ return -1;
+ }
+- *p = '\0';
+
+ *blob = realloc_node(*blob, p + 1);
+
+ if (p > node_name) {
+- node = fdt_path_offset(*blob, node_name);
++ path = xstrndup(node_name, (size_t)(p - node_name));
++ node = fdt_path_offset(*blob, path);
++ free(path);
+ if (node < 0) {
+ report_error(node_name, -1, node);
+ return -1;
+diff --git a/libfdt/fdt_overlay.c b/libfdt/fdt_overlay.c
+index 28b667f..5f8aa62 100644
+--- a/libfdt/fdt_overlay.c
++++ b/libfdt/fdt_overlay.c
+@@ -409,7 +409,8 @@ static int overlay_fixup_phandle(void *fdt, void *fdto, int symbols_off,
+ const char *fixup_str = value;
+ uint32_t path_len, name_len;
+ uint32_t fixup_len;
+- char *sep, *endptr;
++ const char *sep;
++ char *endptr;
+ int poffset, ret;
+
+ fixup_end = memchr(value, '\0', len);
+diff --git a/meson.build b/meson.build
+index 310699f..2966b06 100644
+--- a/meson.build
++++ b/meson.build
+@@ -18,6 +18,7 @@ add_project_arguments(
+ '-Wshadow',
+ '-Wsuggest-attribute=format',
+ '-Wwrite-strings',
++ '-Wdiscarded-qualifiers',
+ ]),
+ language: 'c'
+ )
diff --git a/meta/recipes-kernel/dtc/dtc_1.7.2.bb b/meta/recipes-kernel/dtc/dtc_1.7.2.bb
index 92e83a94044..b8b79542c5d 100644
--- a/meta/recipes-kernel/dtc/dtc_1.7.2.bb
+++ b/meta/recipes-kernel/dtc/dtc_1.7.2.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = " \
git://git.kernel.org/pub/scm/utils/dtc/dtc.git;branch=main;protocol=https \
+ file://0001-Fix-discarded-const-qualifiers.patch \
"
SRCREV = "2d10aa2afe35527728db30b35ec491ecb6959e5c"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 19/47] pseudo: Add fix for glibc 2.43
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (17 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 18/47] dtc: backport fix for build with glibc-2.43 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 20/47] yocto-uninative: Update to 5.1 " Yoann Congal
` (28 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to add a fix for a function definition to work with glibc 2.43.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d35b0e7929d666af783db835a3a809f8f6ce429)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index a26a205a160..4d316299033 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "43cbd8fb4914328094ccdb4bb827d74b1bac2046"
+SRCREV = "56e1f8df4761da60e41812fc32b1de797d1765e9"
PV = "1.9.3+git"
# largefile and 64bit time_t support adds these macros via compiler flags globally
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 20/47] yocto-uninative: Update to 5.1 for glibc 2.43
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (18 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 19/47] pseudo: Add fix for glibc 2.43 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 21/47] m4: backport 3 gnulib changes to fix build with glibc-2.43 on host Yoann Congal
` (27 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c1fb515f2a88fa0a0e95529afc07a99db001af0e)
[YC: fix duplicated line in commit message]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/conf/distro/include/yocto-uninative.inc | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index e9dc6c86408..d97c96f631f 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.42"
-UNINATIVE_VERSION = "5.0"
+UNINATIVE_MAXGLIBCVERSION = "2.43"
+UNINATIVE_VERSION = "5.1"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "a25f2174d0cefcb22af005e9bc72ac01ae83b011c5b6d6d5bf00dac979877f76"
-UNINATIVE_CHECKSUM[i686] ?= "959cc2539b692f9b9862825c7324a0fe4d061fca742f6c259f67f581c59af956"
-UNINATIVE_CHECKSUM[x86_64] ?= "96045e8b1e242c8a849426a8506c7043f354b39f2bc0035192780e8205e23e9d"
+UNINATIVE_CHECKSUM[aarch64] ?= "4166237a9dabd222dcb9627a9435dffd756764fabf76ed7ef2e93dc2964567ad"
+UNINATIVE_CHECKSUM[i686] ?= "761502cc9aef4d54d0c6fe9418beb9fdd2c6220da6f2b04128c89f47902ab9ae"
+UNINATIVE_CHECKSUM[x86_64] ?= "2b63a078c26535e0786e87f81ae69509df30f4dce40693004c527bd5e4ab2b85"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 21/47] m4: backport 3 gnulib changes to fix build with glibc-2.43 on host
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (19 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 20/47] yocto-uninative: Update to 5.1 " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 22/47] gettext: backport " Yoann Congal
` (26 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
All 3 are already included in m4-1.4.21 used in master.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/m4/m4-1.4.20.inc | 3 +
| 135 ++++++++++++
...pilation-error-on-macOS-with-fortify.patch | 126 ++++++++++++
...23-qualifier-generic-fns-like-strchr.patch | 194 ++++++++++++++++++
4 files changed, 458 insertions(+)
create mode 100644 meta/recipes-devtools/m4/m4/0001-string-h-wchar-h-Fix-some-g-Wsystem-headers-warnings.patch
create mode 100644 meta/recipes-devtools/m4/m4/0002-string-h-Fix-compilation-error-on-macOS-with-fortify.patch
create mode 100644 meta/recipes-devtools/m4/m4/0003-Port-to-C23-qualifier-generic-fns-like-strchr.patch
diff --git a/meta/recipes-devtools/m4/m4-1.4.20.inc b/meta/recipes-devtools/m4/m4-1.4.20.inc
index 5c4ba09288c..df47e1e1881 100644
--- a/meta/recipes-devtools/m4/m4-1.4.20.inc
+++ b/meta/recipes-devtools/m4/m4-1.4.20.inc
@@ -8,6 +8,9 @@ inherit autotools texinfo ptest gettext
SRC_URI = "${GNU_MIRROR}/m4/m4-${PV}.tar.gz \
file://0001-gettext-h-Avoid-gcc-Wformat-security-warnings-with-d.patch \
+ file://0001-string-h-wchar-h-Fix-some-g-Wsystem-headers-warnings.patch \
+ file://0002-string-h-Fix-compilation-error-on-macOS-with-fortify.patch \
+ file://0003-Port-to-C23-qualifier-generic-fns-like-strchr.patch \
"
SRC_URI:append:class-target = " file://run-ptest \
file://0001-test-c32ispunct-Check-for-musl-along-with-glibc.patch \
--git a/meta/recipes-devtools/m4/m4/0001-string-h-wchar-h-Fix-some-g-Wsystem-headers-warnings.patch b/meta/recipes-devtools/m4/m4/0001-string-h-wchar-h-Fix-some-g-Wsystem-headers-warnings.patch
new file mode 100644
index 00000000000..63495a8443e
--- /dev/null
+++ b/meta/recipes-devtools/m4/m4/0001-string-h-wchar-h-Fix-some-g-Wsystem-headers-warnings.patch
@@ -0,0 +1,135 @@
+From a9ff1a1ea55bee12751c751460a0102493fa65aa Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno@clisp.org>
+Date: Mon, 12 May 2025 03:05:51 +0200
+Subject: [PATCH] string-h, wchar-h: Fix some g++ -Wsystem-headers warnings.
+
+* lib/string.in.h (memcpy, memccpy, memmove, strncpy, strndup, strncat,
+memcmp, strncmp, memset): On glibc systems, declare with
+_GL_ATTRIBUTE_NOTHROW.
+* lib/wchar.in.h (wmemcpy, wmemmove, wcsncpy, wcsncat, wmemcmp, wcsncmp,
+wmemset): Likewise.
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/gnulib.git/commit/?id=0614c2db34f65c595d85be4adc5628778905855a]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ lib/string.in.h | 27 +++++++++++++++++++++++++++
+ lib/wchar.in.h | 21 +++++++++++++++++++++
+ 2 files changed, 48 insertions(+)
+
+diff --git a/lib/string.in.h b/lib/string.in.h
+index e764221..e3d94b7 100644
+--- a/lib/string.in.h
++++ b/lib/string.in.h
+@@ -215,25 +215,49 @@ _GL_EXTERN_C void free (void *);
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+ _GL_EXTERN_C void *memcpy (void *__dest, const void *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C void *memccpy (void *__dest, const void *__src, int __c, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 4)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 4);
+ _GL_EXTERN_C void *memmove (void *__dest, const void *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C char *strncpy (char *__dest, const char *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C char *strndup (const char *__s, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 2);
+ _GL_EXTERN_C char *strncat (char *__dest, const char *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ARG_NONNULL ((1)) _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C int memcmp (const void *__s1, const void *__s2, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C int strncmp (const char *__s1, const char *__s2, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+@@ -243,6 +267,9 @@ _GL_EXTERN_C void *memrchr (const void *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C void *memset (void *__s, int __c, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ _GL_EXTERN_C void *memset_explicit (void *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+diff --git a/lib/wchar.in.h b/lib/wchar.in.h
+index 8836ed1..a6c52eb 100644
+--- a/lib/wchar.in.h
++++ b/lib/wchar.in.h
+@@ -281,20 +281,38 @@ _GL_EXTERN_C void free (void *);
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+ _GL_EXTERN_C wchar_t *wmemcpy (wchar_t *__dest, const wchar_t *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C wchar_t *wmemmove (wchar_t *__dest, const wchar_t *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C wchar_t *wcsncpy (wchar_t *__dest, const wchar_t *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C wchar_t *wcsncat (wchar_t *__dest, const wchar_t *__src, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ARG_NONNULL ((1)) _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C int wmemcmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+@@ -302,6 +320,9 @@ _GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++ _GL_ATTRIBUTE_NOTHROW
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ #endif
+
diff --git a/meta/recipes-devtools/m4/m4/0002-string-h-Fix-compilation-error-on-macOS-with-fortify.patch b/meta/recipes-devtools/m4/m4/0002-string-h-Fix-compilation-error-on-macOS-with-fortify.patch
new file mode 100644
index 00000000000..ef7117997b5
--- /dev/null
+++ b/meta/recipes-devtools/m4/m4/0002-string-h-Fix-compilation-error-on-macOS-with-fortify.patch
@@ -0,0 +1,126 @@
+From 84b6bcb2c691796d87b47bfcf815409ca2b9e461 Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno@clisp.org>
+Date: Thu, 10 Jul 2025 11:04:50 +0200
+Subject: [PATCH] string-h: Fix compilation error on macOS with fortify.
+
+Reported by Pierre Ossman <ossman@cendio.se> at
+<https://savannah.gnu.org/bugs/?67300>.
+
+* lib/string.in.h (memcpy etc.): Don't redeclare functions that are
+declared as macros.
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/gnulib.git/commit/?id=c44fe03b72687c9e913727724c29bdb49c1f86e3]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ lib/string.in.h | 58 +++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 39 insertions(+), 19 deletions(-)
+
+diff --git a/lib/string.in.h b/lib/string.in.h
+index e3d94b7..9a039c7 100644
+--- a/lib/string.in.h
++++ b/lib/string.in.h
+@@ -214,65 +214,85 @@ _GL_EXTERN_C void free (void *);
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
++# ifndef memcpy
+ _GL_EXTERN_C void *memcpy (void *__dest, const void *__src, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
++# endif
++# ifndef memccpy
+ _GL_EXTERN_C void *memccpy (void *__dest, const void *__src, int __c, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 4)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 4);
++# endif
++# ifndef memmove
+ _GL_EXTERN_C void *memmove (void *__dest, const void *__src, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
++# endif
++# ifndef strncpy
+ _GL_EXTERN_C char *strncpy (char *__dest, const char *__src, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
++# endif
++# ifndef strndup
+ _GL_EXTERN_C char *strndup (const char *__s, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 2);
++# endif
++# ifndef strncat
+ _GL_EXTERN_C char *strncat (char *__dest, const char *__src, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ARG_NONNULL ((1)) _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
++# endif
++# ifndef memcmp
+ _GL_EXTERN_C int memcmp (const void *__s1, const void *__s2, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
++# endif
++# ifndef strncmp
+ _GL_EXTERN_C int strncmp (const char *__s1, const char *__s2, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+-# ifndef __cplusplus
++# endif
++# if !defined memchr && !defined __cplusplus
+ _GL_EXTERN_C void *memchr (const void *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ _GL_EXTERN_C void *memrchr (const void *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
++# ifndef memset
+ _GL_EXTERN_C void *memset (void *__s, int __c, size_t __n)
+-# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
++# if __GLIBC__ + (__GLIBC_MINOR__ >= 2) > 2
+ _GL_ATTRIBUTE_NOTHROW
+-# endif
++# endif
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
++# endif
++# ifndef memset_explicit
+ _GL_EXTERN_C void *memset_explicit (void *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
++# endif
+ #endif
+
+
diff --git a/meta/recipes-devtools/m4/m4/0003-Port-to-C23-qualifier-generic-fns-like-strchr.patch b/meta/recipes-devtools/m4/m4/0003-Port-to-C23-qualifier-generic-fns-like-strchr.patch
new file mode 100644
index 00000000000..7d88e45fa58
--- /dev/null
+++ b/meta/recipes-devtools/m4/m4/0003-Port-to-C23-qualifier-generic-fns-like-strchr.patch
@@ -0,0 +1,194 @@
+From 100cbc40da39dcdf259ebce2bd0f2b4889cf2204 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 23 Nov 2025 00:50:40 -0800
+Subject: [PATCH] Port to C23 qualifier-generic fns like strchr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This ports Gnulib to strict C23 platforms that reject code
+like ‘char *q = strchr (P, 'x');’ when P is a pointer to const,
+because in C23 strchr is a qualifier-generic function so
+strchr (P, 'x') returns char const *.
+This patch does not attempt to do the following two things,
+which might be useful in the future:
+1. When compiling on non-C23 platforms, check user code for
+portability to platforms that define qualifier-generic functions.
+2. Port Gnulib to platforms that have qualifier-generic functions
+not listed in the C23 standard, e.g., strchrnul. I don’t know
+of any such platforms.
+* lib/argp-help.c (argp_doc):
+* lib/c-strstr.c (c_strstr):
+* lib/dfa.c (comsubs):
+* lib/mbschr.c (mbschr):
+* lib/mbspbrk.c (mbspbrk):
+* lib/mbsrchr.c (mbsrchr):
+* lib/memchr2.c (memchr2):
+* lib/string-desc.c (_sd_index):
+* tests/test-bsearch.c (lib_bsearch):
+* tests/test-memchr.c (lib_memchr):
+* tests/test-wmemchr.c (lib_wmemchr):
+Port to C23, where functions like strchr are qualifier-generic.
+* lib/c++defs.h (_GL_FUNCDECL_SYS_NAME): New macro.
+* lib/c++defs.h (_GL_FUNCDECL_SYS):
+* lib/stdlib.in.h (bsearch):
+Use it, to prevent C23 names like strchr from acting like macros.
+* lib/string.in.h (memchr, strchr, strpbrk, strrchr):
+Do not #undef when GNULIB_POSIXCHECK is defined, as this could
+cause conforming C23 code to fail to conform. It’s not clear why
+_GL_WARN_ON_USE_CXX; perhaps it was needed but isn’t any more?
+But for now, limit the removal of #undef to these four functions
+where #undeffing is clearly undesirable in C23.
+* lib/wchar.in.h (wmemchr): Parenthesize function name in decl,
+to prevent it from acting like a macro.
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/gnulib.git/commit/?id=df17f4f37ed3ca373d23ad42eae51122bdb96626]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ lib/c++defs.h | 12 +++++++++++-
+ lib/memchr2.c | 2 +-
+ lib/stdlib.in.h | 6 +++---
+ lib/string.in.h | 4 ----
+ lib/wchar.in.h | 2 +-
+ tests/c++defs.h | 12 +++++++++++-
+ 6 files changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/lib/c++defs.h b/lib/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/lib/c++defs.h
++++ b/lib/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/lib/memchr2.c b/lib/memchr2.c
+index 7493823..d7724ae 100644
+--- a/lib/memchr2.c
++++ b/lib/memchr2.c
+@@ -55,7 +55,7 @@ memchr2 (void const *s, int c1_in, int c2_in, size_t n)
+ c2 = (unsigned char) c2_in;
+
+ if (c1 == c2)
+- return memchr (s, c1, n);
++ return (void *) memchr (s, c1, n);
+
+ /* Handle the first few bytes by reading one byte at a time.
+ Do this until VOID_PTR is aligned on a longword boundary. */
+diff --git a/lib/stdlib.in.h b/lib/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/lib/stdlib.in.h
++++ b/lib/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/lib/string.in.h b/lib/string.in.h
+index 9a039c7..bc44f81 100644
+--- a/lib/string.in.h
++++ b/lib/string.in.h
+@@ -403,7 +403,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
+ _GL_CXXALIASWARN (memchr);
+ # endif
+ #elif defined GNULIB_POSIXCHECK
+-# undef memchr
+ /* Assume memchr is always declared. */
+ _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+@@ -653,7 +652,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ #if defined GNULIB_POSIXCHECK
+ /* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strchr
+ /* Assume strchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strchr,
+ const char *, char *, (const char *, int),
+@@ -945,7 +943,6 @@ _GL_CXXALIASWARN (strpbrk);
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+-# undef strpbrk
+ _GL_WARN_ON_USE_CXX (strpbrk,
+ const char *, char *, (const char *, const char *),
+ "strpbrk cannot work correctly on character strings "
+@@ -975,7 +972,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ #if defined GNULIB_POSIXCHECK
+ /* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strrchr
+ /* Assume strrchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strrchr,
+ const char *, char *, (const char *, int),
+diff --git a/lib/wchar.in.h b/lib/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/lib/wchar.in.h
++++ b/lib/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
+diff --git a/tests/c++defs.h b/tests/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/tests/c++defs.h
++++ b/tests/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 22/47] gettext: backport gnulib changes to fix build with glibc-2.43 on host
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (20 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 21/47] m4: backport 3 gnulib changes to fix build with glibc-2.43 on host Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 23/47] util-linux: backport fix to " Yoann Congal
` (25 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
It's already included in gettext-1.0 used in master.
Unfortunately this need to be applied in 6 different copies of gnulib
inside gettext repo.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...23-qualifier-generic-fns-like-strchr.patch | 626 ++++++++++++++++++
meta/recipes-core/gettext/gettext_0.26.bb | 1 +
2 files changed, 627 insertions(+)
create mode 100644 meta/recipes-core/gettext/gettext/0001-Port-to-C23-qualifier-generic-fns-like-strchr.patch
diff --git a/meta/recipes-core/gettext/gettext/0001-Port-to-C23-qualifier-generic-fns-like-strchr.patch b/meta/recipes-core/gettext/gettext/0001-Port-to-C23-qualifier-generic-fns-like-strchr.patch
new file mode 100644
index 00000000000..634e17ea788
--- /dev/null
+++ b/meta/recipes-core/gettext/gettext/0001-Port-to-C23-qualifier-generic-fns-like-strchr.patch
@@ -0,0 +1,626 @@
+From 64c9525e8664ec3b89475100cbeda06ed916e707 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 23 Nov 2025 00:50:40 -0800
+Subject: [PATCH] Port to C23 qualifier-generic fns like strchr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This ports Gnulib to strict C23 platforms that reject code
+like ‘char *q = strchr (P, 'x');’ when P is a pointer to const,
+because in C23 strchr is a qualifier-generic function so
+strchr (P, 'x') returns char const *.
+This patch does not attempt to do the following two things,
+which might be useful in the future:
+1. When compiling on non-C23 platforms, check user code for
+portability to platforms that define qualifier-generic functions.
+2. Port Gnulib to platforms that have qualifier-generic functions
+not listed in the C23 standard, e.g., strchrnul. I don’t know
+of any such platforms.
+* lib/argp-help.c (argp_doc):
+* lib/c-strstr.c (c_strstr):
+* lib/dfa.c (comsubs):
+* lib/mbschr.c (mbschr):
+* lib/mbspbrk.c (mbspbrk):
+* lib/mbsrchr.c (mbsrchr):
+* lib/memchr2.c (memchr2):
+* lib/string-desc.c (_sd_index):
+* tests/test-bsearch.c (lib_bsearch):
+* tests/test-memchr.c (lib_memchr):
+* tests/test-wmemchr.c (lib_wmemchr):
+Port to C23, where functions like strchr are qualifier-generic.
+* lib/c++defs.h (_GL_FUNCDECL_SYS_NAME): New macro.
+* lib/c++defs.h (_GL_FUNCDECL_SYS):
+* lib/stdlib.in.h (bsearch):
+Use it, to prevent C23 names like strchr from acting like macros.
+* lib/string.in.h (memchr, strchr, strpbrk, strrchr):
+Do not #undef when GNULIB_POSIXCHECK is defined, as this could
+cause conforming C23 code to fail to conform. It’s not clear why
+_GL_WARN_ON_USE_CXX; perhaps it was needed but isn’t any more?
+But for now, limit the removal of #undef to these four functions
+where #undeffing is clearly undesirable in C23.
+* lib/wchar.in.h (wmemchr): Parenthesize function name in decl,
+to prevent it from acting like a macro.
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/gnulib.git/commit/?id=df17f4f37ed3ca373d23ad42eae51122bdb96626]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ gettext-runtime/gnulib-lib/c++defs.h | 12 +++++++++++-
+ gettext-runtime/gnulib-lib/stdlib.in.h | 6 +++---
+ gettext-runtime/gnulib-lib/string.in.h | 4 ----
+ gettext-runtime/gnulib-lib/wchar.in.h | 2 +-
+ gettext-runtime/intl/gnulib-lib/c++defs.h | 12 +++++++++++-
+ gettext-runtime/intl/gnulib-lib/stdlib.in.h | 6 +++---
+ gettext-runtime/intl/gnulib-lib/string.in.h | 4 ----
+ gettext-runtime/intl/gnulib-lib/wchar.in.h | 2 +-
+ gettext-tools/gnulib-lib/c++defs.h | 12 +++++++++++-
+ gettext-tools/gnulib-lib/stdlib.in.h | 6 +++---
+ gettext-tools/gnulib-lib/string.in.h | 4 ----
+ gettext-tools/gnulib-lib/wchar.in.h | 2 +-
+ gettext-tools/libgettextpo/c++defs.h | 12 +++++++++++-
+ gettext-tools/libgettextpo/stdlib.in.h | 6 +++---
+ gettext-tools/libgettextpo/string.in.h | 4 ----
+ gettext-tools/libgettextpo/wchar.in.h | 2 +-
+ gettext-tools/libgrep/gnulib-lib/c++defs.h | 12 +++++++++++-
+ gettext-tools/libgrep/gnulib-lib/memchr2.c | 2 +-
+ gettext-tools/libgrep/gnulib-lib/stdlib.in.h | 6 +++---
+ gettext-tools/libgrep/gnulib-lib/wchar.in.h | 2 +-
+ libtextstyle/lib/c++defs.h | 12 +++++++++++-
+ libtextstyle/lib/stdlib.in.h | 6 +++---
+ libtextstyle/lib/string.in.h | 4 ----
+ libtextstyle/lib/wchar.in.h | 2 +-
+ 24 files changed, 91 insertions(+), 51 deletions(-)
+
+diff --git a/gettext-runtime/gnulib-lib/c++defs.h b/gettext-runtime/gnulib-lib/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/gettext-runtime/gnulib-lib/c++defs.h
++++ b/gettext-runtime/gnulib-lib/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/gettext-runtime/gnulib-lib/stdlib.in.h b/gettext-runtime/gnulib-lib/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/gettext-runtime/gnulib-lib/stdlib.in.h
++++ b/gettext-runtime/gnulib-lib/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/gettext-runtime/gnulib-lib/string.in.h b/gettext-runtime/gnulib-lib/string.in.h
+index 9a039c7..bc44f81 100644
+--- a/gettext-runtime/gnulib-lib/string.in.h
++++ b/gettext-runtime/gnulib-lib/string.in.h
+@@ -403,7 +403,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
+ _GL_CXXALIASWARN (memchr);
+ # endif
+ #elif defined GNULIB_POSIXCHECK
+-# undef memchr
+ /* Assume memchr is always declared. */
+ _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+@@ -653,7 +652,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ #if defined GNULIB_POSIXCHECK
+ /* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strchr
+ /* Assume strchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strchr,
+ const char *, char *, (const char *, int),
+@@ -945,7 +943,6 @@ _GL_CXXALIASWARN (strpbrk);
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+-# undef strpbrk
+ _GL_WARN_ON_USE_CXX (strpbrk,
+ const char *, char *, (const char *, const char *),
+ "strpbrk cannot work correctly on character strings "
+@@ -975,7 +972,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ #if defined GNULIB_POSIXCHECK
+ /* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strrchr
+ /* Assume strrchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strrchr,
+ const char *, char *, (const char *, int),
+diff --git a/gettext-runtime/gnulib-lib/wchar.in.h b/gettext-runtime/gnulib-lib/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/gettext-runtime/gnulib-lib/wchar.in.h
++++ b/gettext-runtime/gnulib-lib/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
+diff --git a/gettext-runtime/intl/gnulib-lib/c++defs.h b/gettext-runtime/intl/gnulib-lib/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/gettext-runtime/intl/gnulib-lib/c++defs.h
++++ b/gettext-runtime/intl/gnulib-lib/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/gettext-runtime/intl/gnulib-lib/stdlib.in.h b/gettext-runtime/intl/gnulib-lib/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/gettext-runtime/intl/gnulib-lib/stdlib.in.h
++++ b/gettext-runtime/intl/gnulib-lib/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/gettext-runtime/intl/gnulib-lib/string.in.h b/gettext-runtime/intl/gnulib-lib/string.in.h
+index 9a039c7..bc44f81 100644
+--- a/gettext-runtime/intl/gnulib-lib/string.in.h
++++ b/gettext-runtime/intl/gnulib-lib/string.in.h
+@@ -403,7 +403,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
+ _GL_CXXALIASWARN (memchr);
+ # endif
+ #elif defined GNULIB_POSIXCHECK
+-# undef memchr
+ /* Assume memchr is always declared. */
+ _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+@@ -653,7 +652,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ #if defined GNULIB_POSIXCHECK
+ /* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strchr
+ /* Assume strchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strchr,
+ const char *, char *, (const char *, int),
+@@ -945,7 +943,6 @@ _GL_CXXALIASWARN (strpbrk);
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+-# undef strpbrk
+ _GL_WARN_ON_USE_CXX (strpbrk,
+ const char *, char *, (const char *, const char *),
+ "strpbrk cannot work correctly on character strings "
+@@ -975,7 +972,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ #if defined GNULIB_POSIXCHECK
+ /* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strrchr
+ /* Assume strrchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strrchr,
+ const char *, char *, (const char *, int),
+diff --git a/gettext-runtime/intl/gnulib-lib/wchar.in.h b/gettext-runtime/intl/gnulib-lib/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/gettext-runtime/intl/gnulib-lib/wchar.in.h
++++ b/gettext-runtime/intl/gnulib-lib/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
+diff --git a/gettext-tools/gnulib-lib/c++defs.h b/gettext-tools/gnulib-lib/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/gettext-tools/gnulib-lib/c++defs.h
++++ b/gettext-tools/gnulib-lib/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/gettext-tools/gnulib-lib/stdlib.in.h b/gettext-tools/gnulib-lib/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/gettext-tools/gnulib-lib/stdlib.in.h
++++ b/gettext-tools/gnulib-lib/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/gettext-tools/gnulib-lib/string.in.h b/gettext-tools/gnulib-lib/string.in.h
+index 9a039c7..bc44f81 100644
+--- a/gettext-tools/gnulib-lib/string.in.h
++++ b/gettext-tools/gnulib-lib/string.in.h
+@@ -403,7 +403,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
+ _GL_CXXALIASWARN (memchr);
+ # endif
+ #elif defined GNULIB_POSIXCHECK
+-# undef memchr
+ /* Assume memchr is always declared. */
+ _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+@@ -653,7 +652,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ #if defined GNULIB_POSIXCHECK
+ /* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strchr
+ /* Assume strchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strchr,
+ const char *, char *, (const char *, int),
+@@ -945,7 +943,6 @@ _GL_CXXALIASWARN (strpbrk);
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+-# undef strpbrk
+ _GL_WARN_ON_USE_CXX (strpbrk,
+ const char *, char *, (const char *, const char *),
+ "strpbrk cannot work correctly on character strings "
+@@ -975,7 +972,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ #if defined GNULIB_POSIXCHECK
+ /* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strrchr
+ /* Assume strrchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strrchr,
+ const char *, char *, (const char *, int),
+diff --git a/gettext-tools/gnulib-lib/wchar.in.h b/gettext-tools/gnulib-lib/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/gettext-tools/gnulib-lib/wchar.in.h
++++ b/gettext-tools/gnulib-lib/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
+diff --git a/gettext-tools/libgettextpo/c++defs.h b/gettext-tools/libgettextpo/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/gettext-tools/libgettextpo/c++defs.h
++++ b/gettext-tools/libgettextpo/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/gettext-tools/libgettextpo/stdlib.in.h b/gettext-tools/libgettextpo/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/gettext-tools/libgettextpo/stdlib.in.h
++++ b/gettext-tools/libgettextpo/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/gettext-tools/libgettextpo/string.in.h b/gettext-tools/libgettextpo/string.in.h
+index 9a039c7..bc44f81 100644
+--- a/gettext-tools/libgettextpo/string.in.h
++++ b/gettext-tools/libgettextpo/string.in.h
+@@ -403,7 +403,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
+ _GL_CXXALIASWARN (memchr);
+ # endif
+ #elif defined GNULIB_POSIXCHECK
+-# undef memchr
+ /* Assume memchr is always declared. */
+ _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+@@ -653,7 +652,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ #if defined GNULIB_POSIXCHECK
+ /* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strchr
+ /* Assume strchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strchr,
+ const char *, char *, (const char *, int),
+@@ -945,7 +943,6 @@ _GL_CXXALIASWARN (strpbrk);
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+-# undef strpbrk
+ _GL_WARN_ON_USE_CXX (strpbrk,
+ const char *, char *, (const char *, const char *),
+ "strpbrk cannot work correctly on character strings "
+@@ -975,7 +972,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ #if defined GNULIB_POSIXCHECK
+ /* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strrchr
+ /* Assume strrchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strrchr,
+ const char *, char *, (const char *, int),
+diff --git a/gettext-tools/libgettextpo/wchar.in.h b/gettext-tools/libgettextpo/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/gettext-tools/libgettextpo/wchar.in.h
++++ b/gettext-tools/libgettextpo/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
+diff --git a/gettext-tools/libgrep/gnulib-lib/c++defs.h b/gettext-tools/libgrep/gnulib-lib/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/gettext-tools/libgrep/gnulib-lib/c++defs.h
++++ b/gettext-tools/libgrep/gnulib-lib/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/gettext-tools/libgrep/gnulib-lib/memchr2.c b/gettext-tools/libgrep/gnulib-lib/memchr2.c
+index 7493823..d7724ae 100644
+--- a/gettext-tools/libgrep/gnulib-lib/memchr2.c
++++ b/gettext-tools/libgrep/gnulib-lib/memchr2.c
+@@ -55,7 +55,7 @@ memchr2 (void const *s, int c1_in, int c2_in, size_t n)
+ c2 = (unsigned char) c2_in;
+
+ if (c1 == c2)
+- return memchr (s, c1, n);
++ return (void *) memchr (s, c1, n);
+
+ /* Handle the first few bytes by reading one byte at a time.
+ Do this until VOID_PTR is aligned on a longword boundary. */
+diff --git a/gettext-tools/libgrep/gnulib-lib/stdlib.in.h b/gettext-tools/libgrep/gnulib-lib/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/gettext-tools/libgrep/gnulib-lib/stdlib.in.h
++++ b/gettext-tools/libgrep/gnulib-lib/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/gettext-tools/libgrep/gnulib-lib/wchar.in.h b/gettext-tools/libgrep/gnulib-lib/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/gettext-tools/libgrep/gnulib-lib/wchar.in.h
++++ b/gettext-tools/libgrep/gnulib-lib/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
+diff --git a/libtextstyle/lib/c++defs.h b/libtextstyle/lib/c++defs.h
+index df98a5a..d3dfabd 100644
+--- a/libtextstyle/lib/c++defs.h
++++ b/libtextstyle/lib/c++defs.h
+@@ -127,6 +127,16 @@
+ #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
+ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
+
++/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
++ parenthsized func otherwise. Parenthesization is needed in C23 if
++ the function is like strchr and so is a qualifier-generic macro
++ that expands to something more complicated. */
++#ifdef __cplusplus
++# define _GL_FUNCDECL_SYS_NAME(func) func
++#else
++# define _GL_FUNCDECL_SYS_NAME(func) (func)
++#endif
++
+ /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
+ declares the system function, named func, with the given prototype,
+ consisting of return type, parameters, and attributes.
+@@ -139,7 +149,7 @@
+ _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
+ */
+ #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
+- _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
++ _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
+
+ /* _GL_CXXALIAS_RPL (func, rettype, parameters);
+ declares a C++ alias called GNULIB_NAMESPACE::func
+diff --git a/libtextstyle/lib/stdlib.in.h b/libtextstyle/lib/stdlib.in.h
+index 1342db4..3548d6e 100644
+--- a/libtextstyle/lib/stdlib.in.h
++++ b/libtextstyle/lib/stdlib.in.h
+@@ -237,9 +237,9 @@ _GL_INLINE_HEADER_BEGIN
+
+ /* Declarations for ISO C N3322. */
+ #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
+-_GL_EXTERN_C void *bsearch (const void *__key,
+- const void *__base, size_t __nmemb, size_t __size,
+- int (*__compare) (const void *, const void *))
++_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
++ (const void *__key, const void *__base, size_t __nmemb, size_t __size,
++ int (*__compare) (const void *, const void *))
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
+ _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
+ int (*__compare) (const void *, const void *))
+diff --git a/libtextstyle/lib/string.in.h b/libtextstyle/lib/string.in.h
+index 9a039c7..bc44f81 100644
+--- a/libtextstyle/lib/string.in.h
++++ b/libtextstyle/lib/string.in.h
+@@ -403,7 +403,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
+ _GL_CXXALIASWARN (memchr);
+ # endif
+ #elif defined GNULIB_POSIXCHECK
+-# undef memchr
+ /* Assume memchr is always declared. */
+ _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+@@ -653,7 +652,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ #if defined GNULIB_POSIXCHECK
+ /* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strchr
+ /* Assume strchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strchr,
+ const char *, char *, (const char *, int),
+@@ -945,7 +943,6 @@ _GL_CXXALIASWARN (strpbrk);
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+-# undef strpbrk
+ _GL_WARN_ON_USE_CXX (strpbrk,
+ const char *, char *, (const char *, const char *),
+ "strpbrk cannot work correctly on character strings "
+@@ -975,7 +972,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ #if defined GNULIB_POSIXCHECK
+ /* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+-# undef strrchr
+ /* Assume strrchr is always declared. */
+ _GL_WARN_ON_USE_CXX (strrchr,
+ const char *, char *, (const char *, int),
+diff --git a/libtextstyle/lib/wchar.in.h b/libtextstyle/lib/wchar.in.h
+index a6c52eb..b4de385 100644
+--- a/libtextstyle/lib/wchar.in.h
++++ b/libtextstyle/lib/wchar.in.h
+@@ -316,7 +316,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
+ # ifndef __cplusplus
+-_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
++_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
+ _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
+ # endif
+ _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
diff --git a/meta/recipes-core/gettext/gettext_0.26.bb b/meta/recipes-core/gettext/gettext_0.26.bb
index b99b301af48..bb730154497 100644
--- a/meta/recipes-core/gettext/gettext_0.26.bb
+++ b/meta/recipes-core/gettext/gettext_0.26.bb
@@ -26,6 +26,7 @@ SRC_URI += " \
file://serial-tests-config.patch \
file://0001-tests-autopoint-3-unset-MAKEFLAGS.patch \
file://0001-init-env.in-do-not-add-C-CXX-parameters.patch \
+ file://0001-Port-to-C23-qualifier-generic-fns-like-strchr.patch \
"
SRC_URI:append:libc-musl = " file://0001-Ignore-failing-tests-needing-BIG5-encoding-on-musl.patch"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 23/47] util-linux: backport fix to build with glibc-2.43 on host
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (21 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 22/47] gettext: backport " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 24/47] systemd: " Yoann Congal
` (24 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/util-linux/util-linux.inc | 1 +
...x-bsearch-macro-usage-with-glibc-C23.patch | 40 +++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-core/util-linux/util-linux/0001-lsfd-fix-bsearch-macro-usage-with-glibc-C23.patch
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 3135bbb7c64..3bcf681f243 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
file://0001-tests-helpers-test_sigstate.c-explicitly-reset-SIGIN.patch \
file://0001-include-mount-api-utils-avoid-using-sys-mount.h.patch \
+ file://0001-lsfd-fix-bsearch-macro-usage-with-glibc-C23.patch \
file://CVE-2025-14104-01.patch \
file://CVE-2025-14104-02.patch \
"
diff --git a/meta/recipes-core/util-linux/util-linux/0001-lsfd-fix-bsearch-macro-usage-with-glibc-C23.patch b/meta/recipes-core/util-linux/util-linux/0001-lsfd-fix-bsearch-macro-usage-with-glibc-C23.patch
new file mode 100644
index 00000000000..6194594f7fc
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/0001-lsfd-fix-bsearch-macro-usage-with-glibc-C23.patch
@@ -0,0 +1,40 @@
+From 710a6989e0fc6dfc9290e2639022d1dbf429557f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <cristian@rodriguez.im>
+Date: Sat, 22 Nov 2025 10:41:08 -0300
+Subject: [PATCH] lsfd: fix bsearch macro usage with glibc C23
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+C23 requires bsearch to be a const preserving macro, build now fails
+with
+
+../lsfd-cmd/lsfd.c:1879:75: error: macro ‘bsearch’ passed 6 arguments, but takes just 5
+ 1879 | nfds, sizeof(struct pollfd), pollfdcmp))
+ | ^
+In file included from ../include/c.h:17,
+ from ../lsfd-cmd/lsfd.c:48:
+/usr/include/stdlib.h:987:10: note: macro ‘bsearch’ defined here
+ 987 | # define bsearch(KEY, BASE, NMEMB, SIZE, COMPAR) \
+
+ add parenthesis around expression to fix it.
+
+Upstream-Status: Backport [2.42 https://github.com/util-linux/util-linux/commit/711bda1441561bfd2eb6d45fe0bc789535c1f1a8]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ lsfd-cmd/lsfd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lsfd-cmd/lsfd.c b/lsfd-cmd/lsfd.c
+index 75cd1de..9aae240 100644
+--- a/lsfd-cmd/lsfd.c
++++ b/lsfd-cmd/lsfd.c
+@@ -1836,7 +1836,7 @@ static void mark_poll_fds_as_multiplexed(char *buf,
+ struct file *file = list_entry(f, struct file, files);
+ if (is_opened_file(file) && !file->multiplexed) {
+ int fd = file->association;
+- if (bsearch(&(struct pollfd){.fd = fd,}, local.iov_base,
++ if (bsearch((&(struct pollfd){.fd = fd,}), local.iov_base,
+ nfds, sizeof(struct pollfd), pollfdcmp))
+ file->multiplexed = 1;
+ }
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 24/47] systemd: backport fix to build with glibc-2.43 on host
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (22 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 23/47] util-linux: backport fix to " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 25/47] virglrenderer: Fix build with glibc 2.43+ Yoann Congal
` (23 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
fixes systemd-systemctl-native on hosts with glibc-2.43:
In file included from ../sources/systemd-systemctl-257.9/src/basic/errno-list.c:13:
src/basic/errno-to-name.h:71:23: error: initialized field overwritten [-Werror=override-init]
71 | [EFSBADCRC] = "EFSBADCRC",
| ^~~~~~~~~~~
src/basic/errno-to-name.h:71:23: note: (near initialization for ?errno_names[74]?)
src/basic/errno-to-name.h:114:26: error: initialized field overwritten [-Werror=override-init]
114 | [EFSCORRUPTED] = "EFSCORRUPTED",
| ^~~~~~~~~~~~~~
src/basic/errno-to-name.h:114:26: note: (near initialization for ?errno_names[117]?)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/systemd/systemd.inc | 4 ++-
...ilter-out-EFSBADCRC-and-EFSCORRUPTED.patch | 34 +++++++++++++++++++
2 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/systemd/systemd/0001-errno-list-filter-out-EFSBADCRC-and-EFSCORRUPTED.patch
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 761660f2c84..f41acc029d1 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -17,6 +17,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
SRCREV = "5e38d199a623563698ab4a69acbbe3afa9135198"
SRCBRANCH = "v257-stable"
-SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV}"
+SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV} \
+ file://0001-errno-list-filter-out-EFSBADCRC-and-EFSCORRUPTED.patch \
+"
CVE_PRODUCT = "systemd"
diff --git a/meta/recipes-core/systemd/systemd/0001-errno-list-filter-out-EFSBADCRC-and-EFSCORRUPTED.patch b/meta/recipes-core/systemd/systemd/0001-errno-list-filter-out-EFSBADCRC-and-EFSCORRUPTED.patch
new file mode 100644
index 00000000000..5673175cb13
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-errno-list-filter-out-EFSBADCRC-and-EFSCORRUPTED.patch
@@ -0,0 +1,34 @@
+From fb146f6d2c5118410fd19907651fd8f7310bf69e Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 24 Feb 2026 20:19:45 +0900
+Subject: [PATCH] errno-list: filter out EFSBADCRC and EFSCORRUPTED
+
+These are introduced in kernel v7.0.
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/3cfb16998808a6ec8012a6120d0a82f0e1a0c8bb]
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+---
+ src/basic/generate-errno-list.sh | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/basic/generate-errno-list.sh b/src/basic/generate-errno-list.sh
+index f756b2e020..491fa1b6e3 100755
+--- a/src/basic/generate-errno-list.sh
++++ b/src/basic/generate-errno-list.sh
+@@ -3,9 +3,13 @@
+ set -eu
+ set -o pipefail
+
+-# In kernel's arch/parisc/include/uapi/asm/errno.h, ECANCELLED and EREFUSED are defined as aliases of
+-# ECANCELED and ECONNREFUSED, respectively. Let's drop them.
++# In kernel's arch/parisc/include/uapi/asm/errno.h, The following aliases are defined:
++# ECANCELLED → ECANCELED
++# EREFUSED → ECONNREFUSED
++# EFSBADCRC → EBADMSG
++# EFSCORRUPTED → EUCLEAN
++# Let's drop them.
+
+ ${1:?} -dM -include errno.h - </dev/null | \
+- grep -Ev '^#define[[:space:]]+(ECANCELLED|EREFUSED)' | \
++ grep -Ev '^#define[[:space:]]+(ECANCELLED|EREFUSED|EFSBADCRC|EFSCORRUPTED)' | \
+ awk '/^#define[ \t]+E[^ _]+[ \t]+/ { print $2; }'
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 25/47] virglrenderer: Fix build with glibc 2.43+
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (23 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 24/47] systemd: " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 26/47] libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43 Yoann Congal
` (22 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 8e85dc6b7f5f7668a610b5fd3754c716f0af65b0)
[YC: Fixed patch format and Submitted->Backport]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...once_flag-ONCE_FLAG_INIT-when-presen.patch | 55 +++++++++++++++++++
.../virglrenderer/virglrenderer_1.1.1.bb | 1 +
2 files changed, 56 insertions(+)
create mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/0001-c11-use-glibc-s-once_flag-ONCE_FLAG_INIT-when-presen.patch
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/0001-c11-use-glibc-s-once_flag-ONCE_FLAG_INIT-when-presen.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/0001-c11-use-glibc-s-once_flag-ONCE_FLAG_INIT-when-presen.patch
new file mode 100644
index 00000000000..2fa7245371d
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/0001-c11-use-glibc-s-once_flag-ONCE_FLAG_INIT-when-presen.patch
@@ -0,0 +1,55 @@
+From 179e744f7577d98df7c79d7324c22acfb32a0154 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Fri, 7 Nov 2025 13:14:56 +1000
+Subject: [PATCH] c11/threads: fix build on c23
+
+C23/glibc is now including once_init in stdlib.h
+
+https://patchwork.sourceware.org/project/glibc/patch/78061085-f04a-0c45-107b-5a8a15521083@redhat.com/#213088
+
+Just fix up our use of it.
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/3f0f775edb2df5ea54c37863286ad565ccddb276]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/mesa/compat/c11/impl/threads_posix.c | 3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/src/mesa/compat/c11/threads_posix.h
++++ b/src/mesa/compat/c11/threads_posix.h
+@@ -51,7 +51,9 @@ Configuration macro:
+ #include <pthread.h>
+
+ /*---------------------------- macros ----------------------------*/
++#ifndef __once_flag_defined
+ #define ONCE_FLAG_INIT PTHREAD_ONCE_INIT
++#endif
+ #ifdef INIT_ONCE_STATIC_INIT
+ #define TSS_DTOR_ITERATIONS PTHREAD_DESTRUCTOR_ITERATIONS
+ #else
+@@ -66,8 +68,9 @@ typedef pthread_cond_t cnd_t;
+ typedef pthread_t thrd_t;
+ typedef pthread_key_t tss_t;
+ typedef pthread_mutex_t mtx_t;
++#ifndef __once_flag_defined
+ typedef pthread_once_t once_flag;
+-
++#endif
+
+ /*
+ Implementation limits:
+@@ -90,12 +93,13 @@ impl_thrd_routine(void *p)
+
+ /*--------------- 7.25.2 Initialization functions ---------------*/
+ // 7.25.2.1
++#ifndef __once_flag_defined
+ static inline void
+ call_once(once_flag *flag, void (*func)(void))
+ {
+ pthread_once(flag, func);
+ }
+-
++#endif
+
+ /*------------- 7.25.3 Condition variable functions -------------*/
+ // 7.25.3.1
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_1.1.1.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_1.1.1.bb
index 89dd25de70e..be4385ada61 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_1.1.1.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_1.1.1.bb
@@ -12,6 +12,7 @@ DEPENDS = "libdrm libepoxy python3-pyyaml-native virtual/egl virtual/libgbm"
SRCREV = "0f1f43929724a6a414c01a29bc51feccb445c2f0"
SRC_URI = "git://gitlab.freedesktop.org/virgl/virglrenderer.git;branch=main;protocol=https;tag=${PV} \
file://0001-meson.build-use-python3-directly-for-python.patch \
+ file://0001-c11-use-glibc-s-once_flag-ONCE_FLAG_INIT-when-presen.patch \
"
inherit meson pkgconfig features_check
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 26/47] libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (24 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 25/47] virglrenderer: Fix build with glibc 2.43+ Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 27/47] libxcrypt: Fix build wrt C23 support Yoann Congal
` (21 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com>
With the glibc 2.43 upgrade, building nativesdk-libxcrypt triggers a
-Wdiscarded-qualifiers warning in crypt-gost-yescrypt.c and
crypt-sm3-yescrypt.c which becomes a build failure due to -Werror.
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8340d4be03646f0b4b599f768ddc88f502f93615)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/libxcrypt/libxcrypt.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index da515d19270..1292f4288bc 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -19,6 +19,7 @@ PROVIDES = "virtual/crypt"
BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir} -Wno-error"
CPPFLAGS:append:class-nativesdk = " -Wno-error"
+CFLAGS:append:class-nativesdk = " -Wno-error=discarded-qualifiers"
API = "--disable-obsolete-api"
EXTRA_OECONF += "${API}"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 27/47] libxcrypt: Fix build wrt C23 support
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (25 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 26/47] libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 28/47] libxcrypt: Use configure knob to disable warnings as errors Yoann Congal
` (20 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
latest glibc has better C23 support and exposes this problem
Fixes following errors seen in nativesdk-libxcrypt
| ../sources/libxcrypt-4.5.2/lib/crypt-sm3-yescrypt.c:139:9: error: initializing 'char *' with an expression of type 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
| 139 | char *hptr = strchr ((const char *) intbuf->retval + 3, '$');
| | ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 6 errors generated.
Compared to wrynose remove lib/crypt-sm3-yescrypt.c change, because
the file doesn't exist in the version used in whinlatter, it was failing
only in lib/crypt-gost-yescrypt.c
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a666b8e71ecda97db58c90d5af137671f9823f38)
[YC: fixed patch format]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...24d6e87aeae631bc0a7bb1ba983cf8def4de.patch | 29 +++++++++++++++++++
meta/recipes-core/libxcrypt/libxcrypt.inc | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta/recipes-core/libxcrypt/files/174c24d6e87aeae631bc0a7bb1ba983cf8def4de.patch
diff --git a/meta/recipes-core/libxcrypt/files/174c24d6e87aeae631bc0a7bb1ba983cf8def4de.patch b/meta/recipes-core/libxcrypt/files/174c24d6e87aeae631bc0a7bb1ba983cf8def4de.patch
new file mode 100644
index 00000000000..75749c054a2
--- /dev/null
+++ b/meta/recipes-core/libxcrypt/files/174c24d6e87aeae631bc0a7bb1ba983cf8def4de.patch
@@ -0,0 +1,29 @@
+From 174c24d6e87aeae631bc0a7bb1ba983cf8def4de Mon Sep 17 00:00:00 2001
+From: Stanislav Zidek <szidek@redhat.com>
+Date: Wed, 10 Dec 2025 14:03:54 +0100
+Subject: [PATCH] fix -Werror=discarded-qualifiers
+
+On Fedora rawhide (to be Fedora 44), gcc became more strict
+wrt. const-ness.
+
+Upstream-Status: Backport [https://github.com/besser82/libxcrypt/pull/220 without lib/crypt-sm3-yescrypt.c]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ lib/crypt-gost-yescrypt.c | 2 +-
+ lib/crypt-sm3-yescrypt.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/crypt-gost-yescrypt.c b/lib/crypt-gost-yescrypt.c
+index 190ae94b..e9dc7e80 100644
+--- a/lib/crypt-gost-yescrypt.c
++++ b/lib/crypt-gost-yescrypt.c
+@@ -131,7 +131,7 @@ crypt_gost_yescrypt_rn (const char *phrase, size_t phr_size,
+ intbuf->outbuf[1] = 'g';
+
+ /* extract yescrypt output from "$y$param$salt$output" */
+- char *hptr = strchr ((const char *) intbuf->retval + 3, '$');
++ char *hptr = strchr ((char *) intbuf->retval + 3, '$');
+ if (!hptr)
+ {
+ errno = EINVAL;
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index 1292f4288bc..d84cbc9db39 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \
inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https \
+ file://174c24d6e87aeae631bc0a7bb1ba983cf8def4de.patch \
"
SRCREV = "55ea777e8d567e5e86ffac917c28815ac54cc341"
SRCBRANCH ?= "master"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 28/47] libxcrypt: Use configure knob to disable warnings as errors
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (26 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 27/47] libxcrypt: Fix build wrt C23 support Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 29/47] glibc: stable 2.42 branch updates Yoann Congal
` (19 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Passing Wno-error via environment flags for target and nativesdk
is intended but is not effective due to command line ordering and
as a result some patches have been added to disable particular kind
of warning as error. Given the scenario, warnings as errors should
be disabled for all builds, this makes it portable across hosts and
across compilers ( gcc, clang ) and glibc versions.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 25f26861ddc8d71af5381d1acc883ad948bddace)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/libxcrypt/libxcrypt.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index d84cbc9db39..25cb7f6178c 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -18,9 +18,9 @@ SRCBRANCH ?= "master"
PROVIDES = "virtual/crypt"
BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
-TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir} -Wno-error"
-CPPFLAGS:append:class-nativesdk = " -Wno-error"
-CFLAGS:append:class-nativesdk = " -Wno-error=discarded-qualifiers"
+TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir}"
+
+EXTRA_OECONF += "--disable-werror"
API = "--disable-obsolete-api"
EXTRA_OECONF += "${API}"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 29/47] glibc: stable 2.42 branch updates
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (27 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 28/47] libxcrypt: Use configure knob to disable warnings as errors Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 30/47] spirv-tools: backport a fix for building with gcc-16 Yoann Congal
` (18 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com>
$ git log --oneline 912d89a766847649a3857985a3b5e6065c51bfd4..a56a2943d2ce541102c630142c2eae0fbfc5886b
a56a2943d2 tests: fix tst-rseq with Linux 7.0
68099ccc94 elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso
426378547e resolv: Check hostname for validity (CVE-2026-4438)
8e863fb1c9 resolv: Count records correctly (CVE-2026-4437)
1a19d5a507 posix: Run tst-wordexp-reuse-mem test
9cd9c90544 iconvdata: Fix invalid pointer arithmetic in ANSI_X3.110 module
ebd45473f5 nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)
937ef7aaf3 Linux: In getlogin_r, use utmp fallback only for specific errors
3989780591 nss: Introduce dedicated struct nss_database_for_fork type
Testing Results:
+--------------+--------+--------+------+
| Result | Before | After | Diff |
+--------------+--------+--------+------+
| PASS | 6934 | 6938 | +4 |
| XPASS | 4 | 4 | 0 |
| FAIL | 76 | 75 | -1 |
| XFAIL | 16 | 16 | 0 |
| UNSUPPORTED | 108 | 109 | +1 |
+--------------+--------+--------+------+
Changes in testcases:
+------------------------------------------------------+--------+-------------+
| Testcase | Before | After |
+------------------------------------------------------+--------+-------------+
| elf/tst-glibc-hwcaps | FAIL | PASS |
| elf/tst-ldconfig-soname | FAIL | PASS |
| nptl/tst-thread-affinity-pthread2 | PASS | FAIL |
| nss/tst-nss-malloc-failure-getlogin_r | N/A | UNSUPPORTED |
| posix/tst-wordexp-reuse-mem | N/A | PASS |
| resolv/tst-resolv-dns-section | N/A | PASS |
| resolv/tst-resolv-invalid-ptr | N/A | PASS |
+------------------------------------------------------+--------+-------------+
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 9991c024953..9f1003570d7 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.42/master"
PV = "2.42+git"
-SRCREV_glibc ?= "912d89a766847649a3857985a3b5e6065c51bfd4"
+SRCREV_glibc ?= "a56a2943d2ce541102c630142c2eae0fbfc5886b"
SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc_2.42.bb b/meta/recipes-core/glibc/glibc_2.42.bb
index a8717c0eae2..7e0aa3d5fc5 100644
--- a/meta/recipes-core/glibc/glibc_2.42.bb
+++ b/meta/recipes-core/glibc/glibc_2.42.bb
@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m
easier access for another. 'ASLR bypass itself is not a vulnerability.'"
CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
-CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 CVE-2026-4437 CVE-2026-4438"
CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
DEPENDS += "gperf-native bison-native"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 30/47] spirv-tools: backport a fix for building with gcc-16
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (28 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 29/47] glibc: stable 2.42 branch updates Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 31/47] ovmf: backport a fix for build " Yoann Congal
` (17 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Fixes:
https://errors.yoctoproject.org/Errors/Details/905195/
when building on host with gcc-16
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b4801e63d1284f3fa5006f0e24f560130c2a0a4c)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...sue-with-gcc-16-replaeces-PR-6542-65.patch | 50 +++++++++++++++++++
.../spir/spirv-tools_1.4.328.1.bb | 3 +-
2 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-graphics/spir/spirv-tools/0001-opt-Fix-build-issue-with-gcc-16-replaeces-PR-6542-65.patch
diff --git a/meta/recipes-graphics/spir/spirv-tools/0001-opt-Fix-build-issue-with-gcc-16-replaeces-PR-6542-65.patch b/meta/recipes-graphics/spir/spirv-tools/0001-opt-Fix-build-issue-with-gcc-16-replaeces-PR-6542-65.patch
new file mode 100644
index 00000000000..ce58b6b8c0f
--- /dev/null
+++ b/meta/recipes-graphics/spir/spirv-tools/0001-opt-Fix-build-issue-with-gcc-16-replaeces-PR-6542-65.patch
@@ -0,0 +1,50 @@
+From aab5c96b7eb237b8bcd15e28f8aff068842db4b7 Mon Sep 17 00:00:00 2001
+From: David Neto <dneto@google.com>
+Date: Tue, 3 Mar 2026 12:11:47 -0500
+Subject: [PATCH] opt: Fix build issue with gcc 16 (replaeces PR #6542)
+ (#6567)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with gcc 16 throws this error:
+
+FAILED: [code=1]
+source/opt/CMakeFiles/SPIRV-Tools-opt.dir/decoration_manager.cpp.o
+ source/opt/decoration_manager.cpp: In member function
+‘spvtools::opt::analysis::DecorationManager::CloneDecorations(unsigned
+int, unsigned int)’:
+ source/opt/decoration_manager.cpp:546:27: error:
+‘MEM[(unsigned int &)&op + 24]’ may be used uninitialized
+[-Werror=maybe-uninitialized]
+
+546 | if (op.words[0] == from) { // add new pair of operands: (to,
+literal)
+ source/opt/decoration_manager.cpp:545:19: note: ‘op’ declared here
+ 545 | Operand op = inst->GetOperand(i);
+ | ^~
+ cc1plus: all warnings being treated as errors
+
+Make sure that the vector is not empty before using it.
+
+Co-authored-by: José Expósito <jose.exposito89@gmail.com>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [c28f5937bce369dde1d645299a8c9873da43dc72]
+---
+ source/opt/decoration_manager.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source/opt/decoration_manager.cpp b/source/opt/decoration_manager.cpp
+index 3e95dbc35..bee7d9482 100644
+--- a/source/opt/decoration_manager.cpp
++++ b/source/opt/decoration_manager.cpp
+@@ -543,7 +543,8 @@ void DecorationManager::CloneDecorations(uint32_t from, uint32_t to) {
+ const uint32_t num_operands = inst->NumOperands();
+ for (uint32_t i = 1; i < num_operands; i += 2) {
+ Operand op = inst->GetOperand(i);
+- if (op.words[0] == from) { // add new pair of operands: (to, literal)
++ if (!op.words.empty() &&
++ op.words[0] == from) { // add new pair of operands: (to, literal)
+ inst->AddOperand(
+ Operand(spv_operand_type_t::SPV_OPERAND_TYPE_ID, {to}));
+ op = inst->GetOperand(i + 1);
diff --git a/meta/recipes-graphics/spir/spirv-tools_1.4.328.1.bb b/meta/recipes-graphics/spir/spirv-tools_1.4.328.1.bb
index e5aedb16208..99d4e34ec5b 100644
--- a/meta/recipes-graphics/spir/spirv-tools_1.4.328.1.bb
+++ b/meta/recipes-graphics/spir/spirv-tools_1.4.328.1.bb
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "7f2d9ee926f98fc77a3ed1e1e0f113b8c9c49458"
SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=vulkan-sdk-1.4.328;protocol=https \
- "
+ file://0001-opt-Fix-build-issue-with-gcc-16-replaeces-PR-6542-65.patch \
+"
PE = "1"
# These recipes need to be updated in lockstep with each other:
# glslang, vulkan-headers, vulkan-loader, vulkan-tools, spirv-headers, spirv-tools
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 31/47] ovmf: backport a fix for build with gcc-16
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (29 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 30/47] spirv-tools: backport a fix for building with gcc-16 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 32/47] libpng: upgrade 1.6.55 -> 1.6.56 Yoann Congal
` (16 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Fixes build on host with gcc-16:
StringFuncs.c: In function ‘SplitStringByWhitespace’:
StringFuncs.c:113:15: error: variable ‘Item’ set but not used [-Werror=unused-but-set-variable=]
113 | UINTN Item;
| ^~~~
and
EfiRom.c: In function ‘main’:
EfiRom.c:78:17: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
78 | if ((Ptr0 = strstr ((CONST CHAR8 *) mOptions.FileList->FileName, DEFAULT_OUTPUT_EXTENSION)) != NULL) {
| ^
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...Tools-StringFuncs-fix-gcc-16-warning.patch | 42 ++++++++++++++++++
...aseTools-EfiRom-fix-compiler-warning.patch | 44 +++++++++++++++++++
meta/recipes-core/ovmf/ovmf_git.bb | 2 +
3 files changed, 88 insertions(+)
create mode 100644 meta/recipes-core/ovmf/ovmf/0006-BaseTools-StringFuncs-fix-gcc-16-warning.patch
create mode 100644 meta/recipes-core/ovmf/ovmf/0007-BaseTools-EfiRom-fix-compiler-warning.patch
diff --git a/meta/recipes-core/ovmf/ovmf/0006-BaseTools-StringFuncs-fix-gcc-16-warning.patch b/meta/recipes-core/ovmf/ovmf/0006-BaseTools-StringFuncs-fix-gcc-16-warning.patch
new file mode 100644
index 00000000000..a465dede9c3
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0006-BaseTools-StringFuncs-fix-gcc-16-warning.patch
@@ -0,0 +1,42 @@
+From 015c26aea52a54e96319887ea542870b4804fb91 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 29 Jan 2026 09:23:32 +0100
+Subject: [PATCH] BaseTools/StringFuncs: fix gcc 16 warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+StringFuncs.c: In function ‘SplitStringByWhitespace’:
+StringFuncs.c:113:15: error: variable ‘Item’ set but not used [-Werror=unused-but-set-variable=]
+ 113 | UINTN Item;
+ | ^~~~
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport [edk2-stable202602 https://github.com/tianocore/edk2/commit/3597306191297b504683b83fe7750e49c6a2e836]
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+---
+ BaseTools/Source/C/Common/StringFuncs.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/Common/StringFuncs.c b/BaseTools/Source/C/Common/StringFuncs.c
+index 53e44365e9..df02d9c808 100644
+--- a/BaseTools/Source/C/Common/StringFuncs.c
++++ b/BaseTools/Source/C/Common/StringFuncs.c
+@@ -110,7 +110,6 @@ SplitStringByWhitespace (
+ CHAR8 *EndOfSubString;
+ CHAR8 *EndOfString;
+ STRING_LIST *Output;
+- UINTN Item;
+
+ String = CloneString (String);
+ if (String == NULL) {
+@@ -120,7 +119,7 @@ SplitStringByWhitespace (
+
+ Output = NewStringList ();
+
+- for (Pos = String, Item = 0; Pos < EndOfString; Item++) {
++ for (Pos = String; Pos < EndOfString;) {
+ while (isspace ((int)*Pos)) {
+ Pos++;
+ }
diff --git a/meta/recipes-core/ovmf/ovmf/0007-BaseTools-EfiRom-fix-compiler-warning.patch b/meta/recipes-core/ovmf/ovmf/0007-BaseTools-EfiRom-fix-compiler-warning.patch
new file mode 100644
index 00000000000..7aaafe6efbf
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0007-BaseTools-EfiRom-fix-compiler-warning.patch
@@ -0,0 +1,44 @@
+From 4d2bdadcd6d45f6708b1b4827b0dc9b6e4b8edd2 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 8 Dec 2025 10:28:50 +0100
+Subject: [PATCH] BaseTools/EfiRom: fix compiler warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+New warning after updating gcc:
+
+EfiRom.c: In function ‘main’:
+EfiRom.c:78:17: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
+
+The assigned value is not used, so fix the warning by just removing it.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport [edk2-stable202602 https://github.com/tianocore/edk2/commit/9af06ef3cbb052b142f9660c2c01e7aeb401300c]
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+---
+ BaseTools/Source/C/EfiRom/EfiRom.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
+index fa7bf0e62e..6e903b3504 100644
+--- a/BaseTools/Source/C/EfiRom/EfiRom.c
++++ b/BaseTools/Source/C/EfiRom/EfiRom.c
+@@ -44,7 +44,6 @@ Returns:
+ FILE_LIST *FList;
+ UINT32 TotalSize;
+ UINT32 Size;
+- CHAR8 *Ptr0;
+
+ SetUtilityName(UTILITY_NAME);
+
+@@ -75,7 +74,7 @@ Returns:
+ //
+ if (mOptions.DumpOption == 1) {
+ if (mOptions.FileList != NULL) {
+- if ((Ptr0 = strstr ((CONST CHAR8 *) mOptions.FileList->FileName, DEFAULT_OUTPUT_EXTENSION)) != NULL) {
++ if (strstr ((CONST CHAR8 *) mOptions.FileList->FileName, DEFAULT_OUTPUT_EXTENSION) != NULL) {
+ DumpImage (mOptions.FileList);
+ goto BailOut;
+ } else {
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 577310a6782..bf41bbbf6e9 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -25,6 +25,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;ta
file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
file://0003-debug-prefix-map.patch \
file://0004-reproducible.patch \
+ file://0006-BaseTools-StringFuncs-fix-gcc-16-warning.patch \
+ file://0007-BaseTools-EfiRom-fix-compiler-warning.patch \
"
PV = "edk2-stable202508"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 32/47] libpng: upgrade 1.6.55 -> 1.6.56
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (30 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 31/47] ovmf: backport a fix for build " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 33/47] recipetool: Recognise https://git. as git urls Yoann Congal
` (15 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release notes [1]:
* Fixed CVE-2026-33416 (high severity):
Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`.
(Reported by Halil Oktay and Ryo Shimada;
fixed by Halil Oktay and Cosmin Truta.)
* Fixed CVE-2026-33636 (high severity):
Out-of-bounds read/write in the palette expansion on ARM Neon.
(Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.)
* Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers.
(Contributed by Halil Oktay.)
* Fixed stale `info_ptr->palette` after in-place gamma and background
transforms.
* Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path.
(Contributed by Yuelin Wang.)
* Fixed wrong background color in colormap read.
(Contributed by Yuelin Wang.)
* Fixed dead loop in sPLT write.
(Contributed by Yuelin Wang.)
* Added missing null pointer checks in four public API functions.
(Contributed by Yuelin Wang.)
* Validated shift bit depths in `png_set_shift` to prevent infinite loop.
(Contributed by Yuelin Wang.)
* Avoided undefined behavior in library and tests.
* Deprecated the hardly-ever-tested POINTER_INDEXING config option.
* Added negative-stride test coverage for the simplified API.
* Fixed memory leaks and API misuse in oss-fuzz.
(Contributed by Owen Sanzas.)
* Implemented various fixes and improvements in oss-fuzz.
(Contributed by Bob Friesenhahn and Philippe Antoine.)
* Performed various refactorings and cleanups.
[1] https://github.com/pnggroup/libpng/blob/v1.6.56/ANNOUNCE
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 987cf163b4a4beaa540ad4f91b1a31bcfbd71b4c)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libpng/{libpng_1.6.55.bb => libpng_1.6.56.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-multimedia/libpng/{libpng_1.6.55.bb => libpng_1.6.56.bb} (97%)
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.55.bb b/meta/recipes-multimedia/libpng/libpng_1.6.56.bb
similarity index 97%
rename from meta/recipes-multimedia/libpng/libpng_1.6.55.bb
rename to meta/recipes-multimedia/libpng/libpng_1.6.56.bb
index 18ecc9d855a..6ae500ca92b 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.55.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.56.bb
@@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
file://run-ptest \
"
-SRC_URI[sha256sum] = "d925722864837ad5ae2a82070d4b2e0603dc72af44bd457c3962298258b8e82d"
+SRC_URI[sha256sum] = "f7d8bf1601b7804f583a254ab343a6549ca6cf27d255c302c47af2d9d36a6f18"
MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 33/47] recipetool: Recognise https://git. as git urls
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (31 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 32/47] libpng: upgrade 1.6.55 -> 1.6.56 Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 34/47] selftest/scripts: Update old git protocol references Yoann Congal
` (14 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
If a url has git. in it, assume it is likely to be a git cloneable url
and should be treated as such.
This allows us to switch from https://git.yoctoproject.org/git/XXX urls to
the preferred https://git.yoctoproject.org/XXX form.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cedc9209e3bae0da8d61423b16c74c49a132aa63)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
scripts/lib/recipetool/create.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index ef0ba974a99..adafaba47e5 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -368,7 +368,7 @@ def supports_srcrev(uri):
def reformat_git_uri(uri):
'''Convert any http[s]://....git URI into git://...;protocol=http[s]'''
checkuri = uri.split(';', 1)[0]
- if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://git(hub|lab).com/[^/]+/[^/]+/?$', checkuri):
+ if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://git(hub|lab).com/[^/]+/[^/]+/?$', checkuri) or re.match(r'https?://git\..*', checkuri):
# Appends scheme if the scheme is missing
if not '://' in uri:
uri = 'git://' + uri
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 34/47] selftest/scripts: Update old git protocol references
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (32 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 33/47] recipetool: Recognise https://git. as git urls Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 35/47] archiver: Don't try to preserve all attributes when copying files Yoann Congal
` (13 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
git protocol accesses to our infrastructure are currently struggling and this
has highlighted a number of places we're making those obsolete access forms.
Update them to use https instead of the git protocol since it is preferred
and more reliable.
The devtool test needed quoting to handle the ';' in the url. The -f option
to devtool also shows a deprecation warning so remove that.
There were internal references to git protocol urls inside the nested git
submodules test report, which means those repos need updating to use
new git revisions.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1ceba42623c5187d2f5a100d6a523abcdc75d34e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../recipes-test/devtool/devtool-upgrade-test2_git.bb | 2 +-
.../devtool/devtool-upgrade-test2_git.bb.upgraded | 2 +-
.../recipes-test/devtool/devtool-upgrade-test5_git.bb | 4 ++--
.../devtool/devtool-upgrade-test5_git.bb.upgraded | 4 ++--
meta/lib/oeqa/selftest/cases/devtool.py | 6 +++---
meta/lib/oeqa/selftest/cases/externalsrc.py | 2 +-
meta/lib/oeqa/selftest/cases/gitarchivetests.py | 2 +-
meta/lib/oeqa/selftest/cases/sstatetests.py | 2 +-
meta/lib/oeqa/selftest/cases/yoctotestresultsquerytests.py | 2 +-
scripts/yocto_testresults_query.py | 2 +-
10 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
index 66d66e95e29..fdc85243787 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
@@ -11,7 +11,7 @@ SRCREV = "1a3e1343761b30750bed70e0fd688f6d3c7b3717"
PV = "0.1+git"
PR = "r2"
-SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
index d3256ef5df8..07f7c50c775 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
@@ -10,7 +10,7 @@ DEPENDS = "dbus"
SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
PV = "0.1+git"
-SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb
index 7e8b001a287..f2a1358c8aa 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb
@@ -6,11 +6,11 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
INHIBIT_DEFAULT_DEPS = "1"
# Note: this is intentionally not the latest version in the original .bb
-SRCREV = "132fea6e4dee56b61bcf5721c94e8b2445c6a017"
+SRCREV = "f280847494763cdcf71197557a81ba7d8a6bce42"
PV = "0.1+git"
PR = "r2"
-SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master"
+SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.upgraded
index 938c46b0163..aa0d72f0ed1 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.upgraded
@@ -6,10 +6,10 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
INHIBIT_DEFAULT_DEPS = "1"
# Note: this is intentionally not the latest version in the original .bb
-SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee"
+SRCREV = "0a60d6af95d22b4c50446559cd41942a8acd2d57"
PV = "0.1+git"
-SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master"
+SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index c7bd1831a9c..73a79b21041 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -584,7 +584,7 @@ class DevtoolAddTests(DevtoolBase):
def test_devtool_add_fetch_git(self):
tempdir = tempfile.mkdtemp(prefix='devtoolqa')
self.track_for_cleanup(tempdir)
- url = 'gitsm://git.yoctoproject.org/mraa'
+ url = 'gitsm://git.yoctoproject.org/mraa;protocol=https'
url_branch = '%s;branch=master' % url
checkrev = 'ae127b19a50aa54255e4330ccfdd9a5d058e581d'
testrecipe = 'mraa'
@@ -593,7 +593,7 @@ class DevtoolAddTests(DevtoolBase):
self.track_for_cleanup(self.workspacedir)
self.add_command_to_tearDown('bitbake -c cleansstate %s' % testrecipe)
self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
- result = runCmd('devtool add %s %s -a -f %s' % (testrecipe, srcdir, url))
+ result = runCmd('devtool add %s %s -a "%s"' % (testrecipe, srcdir, url))
self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created: %s' % result.output)
self.assertTrue(os.path.isfile(os.path.join(srcdir, 'imraa', 'imraa.c')), 'Unable to find imraa/imraa.c in source directory')
# Test devtool status
@@ -1996,7 +1996,7 @@ class DevtoolUpgradeTests(DevtoolBase):
self._test_devtool_upgrade_git_by_recipe('devtool-upgrade-test2', '6cc6077a36fe2648a5f993fe7c16c9632f946517')
def test_devtool_upgrade_gitsm(self):
- self._test_devtool_upgrade_git_by_recipe('devtool-upgrade-test5', 'a2885dd7d25380d23627e7544b7bbb55014b16ee')
+ self._test_devtool_upgrade_git_by_recipe('devtool-upgrade-test5', '0a60d6af95d22b4c50446559cd41942a8acd2d57')
def test_devtool_upgrade_drop_md5sum(self):
# Check preconditions
diff --git a/meta/lib/oeqa/selftest/cases/externalsrc.py b/meta/lib/oeqa/selftest/cases/externalsrc.py
index 1d800dc82ca..c127d254e36 100644
--- a/meta/lib/oeqa/selftest/cases/externalsrc.py
+++ b/meta/lib/oeqa/selftest/cases/externalsrc.py
@@ -17,7 +17,7 @@ class ExternalSrc(OESelftestTestCase):
# so we check only that a recipe with externalsrc can be parsed
def test_externalsrc_srctree_hash_files(self):
test_recipe = "git-submodule-test"
- git_url = "git://git.yoctoproject.org/git-submodule-test"
+ git_url = "https://git.yoctoproject.org/git-submodule-test"
externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name
self.write_config(
diff --git a/meta/lib/oeqa/selftest/cases/gitarchivetests.py b/meta/lib/oeqa/selftest/cases/gitarchivetests.py
index dcf0eb3be56..454f4bd4683 100644
--- a/meta/lib/oeqa/selftest/cases/gitarchivetests.py
+++ b/meta/lib/oeqa/selftest/cases/gitarchivetests.py
@@ -105,7 +105,7 @@ class GitArchiveTests(OESelftestTestCase):
delete_fake_repository(path)
def test_get_tags_without_valid_remote(self):
- url = 'git://git.yoctoproject.org/poky'
+ url = 'https://git.yoctoproject.org/poky'
path, git_obj = create_fake_repository(False, None, False)
tags = ga.get_tags(git_obj, self.log, pattern="yocto-*", url=url)
diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py
index 44dd674a325..687640a4016 100644
--- a/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -221,7 +221,7 @@ class SStateTests(SStateBase):
# Use dbus-wait as a local git repo we can add a commit between two builds in
pn = 'dbus-wait'
srcrev = '6cc6077a36fe2648a5f993fe7c16c9632f946517'
- url = 'git://git.yoctoproject.org/dbus-wait'
+ url = 'https://git.yoctoproject.org/dbus-wait'
result = runCmd('git clone %s noname' % url, cwd=tempdir)
srcdir = os.path.join(tempdir, 'noname')
result = runCmd('git reset --hard %s' % srcrev, cwd=srcdir)
diff --git a/meta/lib/oeqa/selftest/cases/yoctotestresultsquerytests.py b/meta/lib/oeqa/selftest/cases/yoctotestresultsquerytests.py
index b1015d60efe..be062cf7839 100644
--- a/meta/lib/oeqa/selftest/cases/yoctotestresultsquerytests.py
+++ b/meta/lib/oeqa/selftest/cases/yoctotestresultsquerytests.py
@@ -36,4 +36,4 @@ class TestResultsQueryTests(OESelftestTestCase):
shutil.rmtree(workdir, ignore_errors=True)
self.fail(f"Can not execute git commands in {workdir}")
shutil.rmtree(workdir)
- self.assertEqual(url, "git://git.yoctoproject.org/yocto-testresults")
+ self.assertEqual(url, "https://git.yoctoproject.org/yocto-testresults")
diff --git a/scripts/yocto_testresults_query.py b/scripts/yocto_testresults_query.py
index 521ead8473a..08bd8cbff17 100755
--- a/scripts/yocto_testresults_query.py
+++ b/scripts/yocto_testresults_query.py
@@ -21,7 +21,7 @@ script_path = os.path.dirname(os.path.realpath(__file__))
poky_path = os.path.abspath(os.path.join(script_path, ".."))
resulttool = os.path.abspath(os.path.join(script_path, "resulttool"))
logger = scriptutils.logger_create(sys.argv[0])
-testresults_default_url="git://git.yoctoproject.org/yocto-testresults"
+testresults_default_url="https://git.yoctoproject.org/yocto-testresults"
def create_workdir():
workdir = tempfile.mkdtemp(prefix='yocto-testresults-query.')
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 35/47] archiver: Don't try to preserve all attributes when copying files
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (33 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 34/47] selftest/scripts: Update old git protocol references Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 36/47] license.py: Drop visit_Str from SeenVisitor in selftest Yoann Congal
` (12 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Similar to https://git.openembedded.org/bitbake/commit/?id=2f35dac0c821ab231459922ed98e1b2cc599ca9a
there is a problem in this code when copying from an NFS mount.
We currently use cp -p, which is a shortcut for --preserve=mode,ownership,timestamps.
We shouldn't need to preserve mode/ownership, only timestamps. Update the code
in the same way the bitbake fetcher was fixed for consistency.
This fixes build failures on OpenSUSE 16.0.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e8313688fa994c82e4c846993ed8da0d1f4db0e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes/archiver.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index a95c899a0f8..a48dd259fa6 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -398,7 +398,7 @@ python do_ar_mirror() {
# We now have an appropriate localpath
bb.note('Copying source mirror')
- cmd = 'cp -fpPRH %s %s' % (localpath, destdir)
+ cmd = 'cp --force --preserve=timestamps --no-dereference --recursive -H %s %s' % (localpath, destdir)
subprocess.check_call(cmd, shell=True)
}
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 36/47] license.py: Drop visit_Str from SeenVisitor in selftest
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (34 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 35/47] archiver: Don't try to preserve all attributes when copying files Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 37/47] oeqa/selftest/devtool: add vulkan feature check for test needing it Yoann Congal
` (11 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
ast.Str was deprecated in Python 3.8 and removed in Python 3.14.
In [1], visit_Str was already removed from the LicenseVisitor
subclasses (FlattenVisitor, ListVisitor) in oe/license.py since
bitbake now requires Python 3.8+.
However, the test-only SeenVisitor class in the selftest was
missed at that time and still uses visit_Str/node.s. On Python
3.14, ast.Str is fully removed so visit_Str is never called,
causing test_single_licenses to return [] instead of the
expected license list.
Replace visit_Str/node.s with visit_Constant/node.value in
SeenVisitor.
[1] https://git.openembedded.org/openembedded-core/commit/meta/lib/oe/license.py?id=6d3da37adbcaf5a7a3dade08f9d052571b195249
Fixes [YOCTO #16220]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8a5b019eec72676893507d018e7609745d2e3f49)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/selftest/cases/oelib/license.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/oelib/license.py b/meta/lib/oeqa/selftest/cases/oelib/license.py
index 5eea12e7619..49b28951f76 100644
--- a/meta/lib/oeqa/selftest/cases/oelib/license.py
+++ b/meta/lib/oeqa/selftest/cases/oelib/license.py
@@ -12,8 +12,8 @@ class SeenVisitor(oe.license.LicenseVisitor):
self.seen = []
oe.license.LicenseVisitor.__init__(self)
- def visit_Str(self, node):
- self.seen.append(node.s)
+ def visit_Constant(self, node):
+ self.seen.append(node.value)
class TestSingleLicense(TestCase):
licenses = [
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 37/47] oeqa/selftest/devtool: add vulkan feature check for test needing it
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (35 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 36/47] license.py: Drop visit_Str from SeenVisitor in selftest Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 38/47] selftest/minidebuginfo: extract files from tar archive using tarfile module Yoann Congal
` (10 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
When run with a distro without 'vulkan' DISTRO_FEATURES:
$ oe-selftest -r devtool.DevtoolUpdateTests.test_devtool_git_submodules
2026-04-14 14:36:57,036 - oe-selftest - INFO - test_devtool_git_submodules (devtool.DevtoolUpdateTests.test_devtool_git_submodules)
vulkan-samples is unavailable:
vulkan-samples was skipped: using DISTRO 'nodistro', which is missing required DISTRO_FEATURES: 'vulkan'
2026-04-14 14:37:13,002 - oe-selftest - INFO - ... ERROR
2026-04-14 14:37:13,002 - oe-selftest - INFO - Traceback (most recent call last):
File "/.../openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py", line 1695, in test_devtool_git_submodules
self.assertIn('gitsm://', src_uri, 'This test expects the %s recipe to be a git recipe with submodules' % recipe)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/unittest/case.py", line 1171, in assertIn
if member not in container:
^^^^^^^^^^^^^^^^^^^^^^^
TypeError: argument of type 'NoneType' is not iterable
This is caused by vulkan-samples being skipped because it needs the
vulkan DISTRO_FEATURES.
Note that this is not seen in testing because nodistro has vulkan
enabled by default since
2e1e7c86064 (bitbake.conf: Enable opengl ptest multiarch wayland vulkan in DISTRO_FEATURES by default, 2026-02-21)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/selftest/cases/devtool.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 73a79b21041..23849b0bf2f 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -18,6 +18,7 @@ from oeqa.selftest.case import OESelftestTestCase
from oeqa.utils.commands import runCmd, bitbake, get_bb_var, create_temp_layer
from oeqa.utils.commands import get_bb_vars, runqemu, runqemu_check_taps, get_test_layer
from oeqa.core.decorator import OETestTag
+from oeqa.core.decorator.data import skipIfNotFeature
from bb.utils import mkdirhier, edit_bblayers_conf
oldmetapath = None
@@ -1685,6 +1686,7 @@ class DevtoolUpdateTests(DevtoolBase):
# Try building
bitbake('%s -c patch' % testrecipe)
+ @skipIfNotFeature('vulkan', 'Test requires vulkan to be in DISTRO_FEATURES (operates on vulkan-samples)')
def test_devtool_git_submodules(self):
# This tests if we can add a patch in a git submodule and extract it properly using devtool finish
# Check preconditions
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 38/47] selftest/minidebuginfo: extract files from tar archive using tarfile module
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (36 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 37/47] oeqa/selftest/devtool: add vulkan feature check for test needing it Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 39/47] selftest/gdbserver: replace shutil.unpack_archive with tarfile extract Yoann Congal
` (9 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex@linutronix.de>
Python 3.14 added security checks around archive extraction, and by
default will refuse to handle symlinks with absolute paths. It's possible
to handle this using 'filter' argument, but it is not always available
in older Python versions on various host distributions we need to support,
so let's extract only the needed files directly using tarfile module.
busybox is itself a symlink to busybox.nosuid, so both are extracted.
[YOCTO #16195]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d52d00a3bb4a1ba93e88f1d24d8bb99d6aa321eb)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/selftest/cases/minidebuginfo.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/minidebuginfo.py b/meta/lib/oeqa/selftest/cases/minidebuginfo.py
index a8923460f90..5f37522c325 100644
--- a/meta/lib/oeqa/selftest/cases/minidebuginfo.py
+++ b/meta/lib/oeqa/selftest/cases/minidebuginfo.py
@@ -6,7 +6,7 @@
import os
import subprocess
import tempfile
-import shutil
+import tarfile
from oeqa.core.decorator import OETestTag
from oeqa.selftest.case import OESelftestTestCase
@@ -33,7 +33,10 @@ IMAGE_FSTYPES = "tar.bz2"
# ".gnu_debugdata" which stores minidebuginfo.
with tempfile.TemporaryDirectory(prefix = "unpackfs-") as unpackedfs:
filename = os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], "{}.tar.bz2".format(bb_vars['IMAGE_LINK_NAME']))
- shutil.unpack_archive(filename, unpackedfs)
+ with tarfile.open(filename) as tar:
+ tar.extract("./bin/busybox", path=unpackedfs)
+ tar.extract("./bin/busybox.nosuid", path=unpackedfs)
+ tar.extract("./lib/libc.so.6", path=unpackedfs)
r = runCmd([bb_vars['READELF'], "-W", "-S", os.path.join(unpackedfs, "bin", "busybox")],
native_sysroot = native_sysroot, target_sys = target_sys)
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 39/47] selftest/gdbserver: replace shutil.unpack_archive with tarfile extract
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (37 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 38/47] selftest/minidebuginfo: extract files from tar archive using tarfile module Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 40/47] oeqa/selftest: add wayland feature check for tests needing it Yoann Congal
` (8 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex@linutronix.de>
This is a followup to
https://lists.openembedded.org/g/openembedded-core/message/233609
as the same issue happened in a different selftest.
[YOCTO #16195]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c7468e70c238b056acbe06ef722b62b02626db8f)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/selftest/cases/gdbserver.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/gdbserver.py b/meta/lib/oeqa/selftest/cases/gdbserver.py
index 1c713331900..fe1fa6dac1f 100644
--- a/meta/lib/oeqa/selftest/cases/gdbserver.py
+++ b/meta/lib/oeqa/selftest/cases/gdbserver.py
@@ -7,6 +7,7 @@ import os
import time
import tempfile
import shutil
+import tarfile
import concurrent.futures
from oeqa.selftest.case import OESelftestTestCase
@@ -41,7 +42,8 @@ CORE_IMAGE_EXTRA_INSTALL = "gdbserver"
filename = os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], "%s-dbg.tar.bz2" % bb_vars['IMAGE_LINK_NAME'])
shutil.unpack_archive(filename, debugfs)
filename = os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], "%s.tar.bz2" % bb_vars['IMAGE_LINK_NAME'])
- shutil.unpack_archive(filename, debugfs)
+ with tarfile.open(filename) as tar:
+ tar.extract("./bin/kmod", path=debugfs)
with runqemu("core-image-minimal", runqemuparams="nographic") as qemu:
status, output = qemu.run_serial("kmod --help")
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 40/47] oeqa/selftest: add wayland feature check for tests needing it
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (38 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 39/47] selftest/gdbserver: replace shutil.unpack_archive with tarfile extract Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 41/47] report-error.bbclass: replace 'codecs.open()' with 'open()' Yoann Congal
` (7 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
When run with a distro without 'wayland' DISTRO_FEATURES:
2026-04-14 17:42:00,568 - oe-selftest - INFO - FAIL: test_sstate_32_64_same_hash (sstatetests.SStateHashSameSigs.test_sstate_32_64_same_hash)
2026-04-14 17:42:00,568 - oe-selftest - INFO - ----------------------------------------------------------------------
2026-04-14 17:42:00,568 - oe-selftest - INFO - Traceback (most recent call last):
File ".../openembedded-core/meta/lib/oeqa/selftest/cases/sstatetests.py", line 407, in test_sstate_32_64_same_hash
self.sstate_hashtest("i686")
~~~~~~~~~~~~~~~~~~~~^^^^^^^^
File ".../openembedded-core/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
return func(*args, **kwargs)
File ".../openembedded-core/meta/lib/oeqa/selftest/cases/sstatetests.py", line 371, in sstate_hashtest
bitbake("core-image-weston -S none")
~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
AssertionError: Command 'bitbake core-image-weston -S none' returned non-zero exit status 1:
...
ERROR: Nothing PROVIDES 'core-image-weston'
core-image-weston was skipped: using DISTRO 'nodistro', which is missing required DISTRO_FEATURES: 'wayland'
2026-04-14 17:42:00,568 - oe-selftest - INFO - FAIL: test_core_image_full_cmdline_weston (incompatible_lic.NoGPL3InImagesTests.test_core_image_full_cmdline_weston)
2026-04-14 17:42:00,568 - oe-selftest - INFO - ----------------------------------------------------------------------
2026-04-14 17:42:00,568 - oe-selftest - INFO - Traceback (most recent call last):
File ".../openembedded-core/meta/lib/oeqa/selftest/cases/incompatible_lic.py", line 153, in test_core_image_full_cmdline_weston
bitbake('core-image-full-cmdline core-image-weston')
~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
AssertionError: Command 'bitbake core-image-full-cmdline core-image-weston' returned non-zero exit status 1:
...
ERROR: Nothing PROVIDES 'core-image-weston'
core-image-weston was skipped: using DISTRO 'nodistro', which is missing required DISTRO_FEATURES: 'wayland'
This is caused by core-image-weston being skipped because it needs the
wayland DISTRO_FEATURES.
Note that this is not seen in testing because nodistro has wayland
enabled by default since
2e1e7c86064 (bitbake.conf: Enable opengl ptest multiarch wayland vulkan in DISTRO_FEATURES by default, 2026-02-21)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/selftest/cases/incompatible_lic.py | 2 ++
meta/lib/oeqa/selftest/cases/sstatetests.py | 2 ++
2 files changed, 4 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/incompatible_lic.py b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
index 93884f57319..0e225ad02c7 100644
--- a/meta/lib/oeqa/selftest/cases/incompatible_lic.py
+++ b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
@@ -5,6 +5,7 @@
#
from oeqa.selftest.case import OESelftestTestCase
from oeqa.utils.commands import bitbake
+from oeqa.core.decorator.data import skipIfNotFeature
class IncompatibleLicenseTestObsolete(OESelftestTestCase):
@@ -142,6 +143,7 @@ require conf/distro/include/no-gplv3.inc
""")
bitbake('core-image-minimal')
+ @skipIfNotFeature('wayland', 'Test requires wayland to be in DISTRO_FEATURES')
def test_core_image_full_cmdline_weston(self):
self.write_config("""
IMAGE_CLASSES += "testimage"
diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py
index 687640a4016..02fd45fe0d9 100644
--- a/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -15,6 +15,7 @@ import re
from oeqa.utils.commands import runCmd, bitbake, get_bb_var, create_temp_layer, get_bb_vars
from oeqa.selftest.case import OESelftestTestCase
from oeqa.core.decorator import OETestTag
+from oeqa.core.decorator.data import skipIfNotFeature
import oe
import bb.siggen
@@ -354,6 +355,7 @@ class SStateCacheManagement(SStateBase):
self.run_test_sstate_cache_management_script('m4', global_config, target_config, ignore_patterns=['populate_lic'])
class SStateHashSameSigs(SStateBase):
+ @skipIfNotFeature('wayland', 'Test requires wayland to be in DISTRO_FEATURES')
def sstate_hashtest(self, sdkmachine):
self.write_config("""
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 41/47] report-error.bbclass: replace 'codecs.open()' with 'open()'
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (39 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 40/47] oeqa/selftest: add wayland feature check for tests needing it Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 42/47] oeqa/sdk: Default to https git protocol for YP/OE repos Yoann Congal
` (6 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Trevor Gamblin <tgamblin@baylibre.com>
With newer Python versions, codecs.open() is deprecated:
https://docs.python.org/3/library/codecs.html#codecs.open
Replace it with the preferred call to open().
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 58b9f90779d1227e30a7de4948b10e49fb5b5ac1)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes/report-error.bbclass | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/meta/classes/report-error.bbclass b/meta/classes/report-error.bbclass
index 2b880c8b0c7..01ac1f2a37f 100644
--- a/meta/classes/report-error.bbclass
+++ b/meta/classes/report-error.bbclass
@@ -10,19 +10,17 @@
ERR_REPORT_DIR ?= "${LOG_DIR}/error-report"
def errorreport_getdata(e):
- import codecs
logpath = e.data.getVar('ERR_REPORT_DIR')
datafile = os.path.join(logpath, "error-report.txt")
- with codecs.open(datafile, 'r', 'utf-8') as f:
+ with open(datafile, mode='r', encoding='utf-8', errors='strict') as f:
data = f.read()
return data
def errorreport_savedata(e, newdata, file):
import json
- import codecs
logpath = e.data.getVar('ERR_REPORT_DIR')
datafile = os.path.join(logpath, file)
- with codecs.open(datafile, 'w', 'utf-8') as f:
+ with open(datafile, mode='w', encoding='utf-8', errors='strict') as f:
json.dump(newdata, f, indent=4, sort_keys=True)
return datafile
@@ -86,7 +84,7 @@ python errorreport_handler () {
taskdata['task'] = task
if log:
try:
- with codecs.open(log, encoding='utf-8') as logFile:
+ with open(log, encoding='utf-8') as logFile:
logdata = logFile.read()
# Replace host-specific paths so the logs are cleaner
for d in ("TOPDIR", "TMPDIR"):
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 42/47] oeqa/sdk: Default to https git protocol for YP/OE repos
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (40 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 41/47] report-error.bbclass: replace 'codecs.open()' with 'open()' Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 43/47] scripts: " Yoann Congal
` (5 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/buildtools-docs/cases/build.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/buildtools-docs/cases/build.py b/meta/lib/oeqa/buildtools-docs/cases/build.py
index 6e3ee94292b..9f963f18f8d 100644
--- a/meta/lib/oeqa/buildtools-docs/cases/build.py
+++ b/meta/lib/oeqa/buildtools-docs/cases/build.py
@@ -15,5 +15,5 @@ class BuildTests(OESDKTestCase):
"""
def test_docs_build(self):
with tempfile.TemporaryDirectory(prefix='docs-tarball-build-', dir=self.tc.sdk_dir) as testdir:
- self._run('git clone git://git.yoctoproject.org/yocto-docs %s' % testdir)
+ self._run('git clone https://git.yoctoproject.org/yocto-docs %s' % testdir)
self._run('cd %s/documentation && make html' % testdir)
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 43/47] scripts: Default to https git protocol for YP/OE repos
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (41 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 42/47] oeqa/sdk: Default to https git protocol for YP/OE repos Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 44/47] oeqa/selftest/git-submodule-test: " Yoann Congal
` (4 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
scripts/combo-layer.conf.example | 4 ++--
scripts/contrib/patchtest.sh | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/combo-layer.conf.example b/scripts/combo-layer.conf.example
index 90e2b58723b..4ae3db45ab1 100644
--- a/scripts/combo-layer.conf.example
+++ b/scripts/combo-layer.conf.example
@@ -14,7 +14,7 @@ signoff = False
# mandatory options
# git upstream uri
-src_uri = git://git.openembedded.org/bitbake
+src_uri = https://git.openembedded.org/bitbake
# the directory to clone the component repo
local_repo_dir = /home/kyu3/src/test/bitbake
@@ -76,7 +76,7 @@ last_revision =
# that matches the original commit.
[oe-core]
-src_uri = git://git.openembedded.org/openembedded-core
+src_uri = https://git.openembedded.org/openembedded-core
local_repo_dir = /home/kyu3/src/test/oecore
dest_dir = .
last_revision =
diff --git a/scripts/contrib/patchtest.sh b/scripts/contrib/patchtest.sh
index b1e1ea334b9..550b6a88f3c 100755
--- a/scripts/contrib/patchtest.sh
+++ b/scripts/contrib/patchtest.sh
@@ -75,8 +75,8 @@ source $PTENV/bin/activate
cd $PTENV
# clone or pull
-clone git://git.yoctoproject.org/patchtest $PT
-clone git://git.yoctoproject.org/patchtest-oe $PTOE
+clone https://git.yoctoproject.org/patchtest $PT
+clone https://git.yoctoproject.org/patchtest-oe $PTOE
# install requirements
pip install -r $PT/requirements.txt --quiet
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 44/47] oeqa/selftest/git-submodule-test: Default to https git protocol for YP/OE repos
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (42 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 43/47] scripts: " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 45/47] meta/files/layers.example.json: switch to https clone URIs Yoann Congal
` (3 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
Use ";protocol=https" for the parent git submodule and, also, update the
SRCREV to point to a commit where submodules are reference through a
https:// URL instead of a git:// one.
Update the expected output of the archiver test.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../recipes-test/git-submodule-test/git-submodule-test.bb | 4 ++--
meta/lib/oeqa/selftest/cases/archiver.py | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
index 1c0886dcbe2..09f6b2e4a7e 100644
--- a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
+++ b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
@@ -7,8 +7,8 @@ INHIBIT_DEFAULT_DEPS = "1"
UPSTREAM_VERSION_UNKNOWN = "1"
-SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master"
-SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee"
+SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master;protocol=https"
+SRCREV = "f280847494763cdcf71197557a81ba7d8a6bce42"
do_test_git_as_user() {
cd ${S}
diff --git a/meta/lib/oeqa/selftest/cases/archiver.py b/meta/lib/oeqa/selftest/cases/archiver.py
index 612ec675a78..82b0293338a 100644
--- a/meta/lib/oeqa/selftest/cases/archiver.py
+++ b/meta/lib/oeqa/selftest/cases/archiver.py
@@ -335,8 +335,8 @@ class Archiver(OESelftestTestCase):
bb_vars = get_bb_vars(['DEPLOY_DIR_SRC'])
for target_file_name in [
- 'gitsmshallow_git.yoctoproject.org.git-submodule-test_a2885dd-1_master.tar.gz',
- 'gitsmshallow_git.yoctoproject.org.bitbake-gitsm-test1_bare_120f4c7-1.tar.gz',
+ 'gitsmshallow_git.yoctoproject.org.git-submodule-test_f280847-1_master.tar.gz',
+ 'gitsmshallow_git.yoctoproject.org.bitbake-gitsm-test1_bare_79a0efa-1.tar.gz',
'gitsmshallow_git.yoctoproject.org.bitbake-gitsm-test2_bare_f66699e-1.tar.gz',
'gitsmshallow_git.openembedded.org.bitbake_bare_52a144a-1.tar.gz',
'gitsmshallow_git.openembedded.org.bitbake_bare_c39b997-1.tar.gz'
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 45/47] meta/files/layers.example.json: switch to https clone URIs
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (43 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 44/47] oeqa/selftest/git-submodule-test: " Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 46/47] build-appliance-image: switch SRC_URI to https protocol Yoann Congal
` (2 subsequent siblings)
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/files/layers.example.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/files/layers.example.json b/meta/files/layers.example.json
index f3b65220831..8ea1f225e8f 100644
--- a/meta/files/layers.example.json
+++ b/meta/files/layers.example.json
@@ -20,7 +20,7 @@
"describe": "15.0-hardknott-3.3-310-g0a96edae",
"remotes": {
"origin": {
- "uri": "git://git.yoctoproject.org/meta-intel"
+ "uri": "https://git.yoctoproject.org/meta-intel"
}
},
"rev": "0a96edae609a3f48befac36af82cf1eed6786b4a"
@@ -32,7 +32,7 @@
"describe": "4.1_M1-374-g9dda719b2a",
"remotes": {
"origin": {
- "uri": "git://git.yoctoproject.org/poky"
+ "uri": "https://git.yoctoproject.org/poky"
},
"poky-contrib": {
"uri": "ssh://git@push.yoctoproject.org/poky-contrib"
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 46/47] build-appliance-image: switch SRC_URI to https protocol
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (44 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 45/47] meta/files/layers.example.json: switch to https clone URIs Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 47/47] scripts/install-buildtools: Update to 5.3.3 Yoann Congal
2026-04-16 12:08 ` [whinlatter 00/47] Patch review Hemanth Kumar M D
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/images/build-appliance-image_15.0.0.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index dd6b5081c10..b40ebf51d02 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -31,9 +31,9 @@ SRCREV_oe-core ?= "05d149ee0905cbce655a9e0c3767e8fdfcbb8997"
SRCREV_yocto ?= "9b98ec5e6cfb6c9dc74d3c2e6304eeb274f7c487"
SRCREV_FORMAT = "bitbake_oe-core_yocto"
-SRC_URI = "git://git.openembedded.org/bitbake;name=bitbake;branch=2.16;destsuffix=bitbake \
- git://git.openembedded.org/openembedded-core;name=oe-core;branch=whinlatter;destsuffix=openembedded-core \
- git://git.yoctoproject.org/meta-yocto;name=yocto;branch=whinlatter;destsuffix=meta-yocto \
+SRC_URI = "git://git.openembedded.org/bitbake;name=bitbake;branch=2.16;destsuffix=bitbake;protocol=https \
+ git://git.openembedded.org/openembedded-core;name=oe-core;branch=whinlatter;destsuffix=openembedded-core;protocol=https \
+ git://git.yoctoproject.org/meta-yocto;name=yocto;branch=whinlatter;destsuffix=meta-yocto;protocol=https \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
file://README_VirtualBox_Guest_Additions.txt \
^ permalink raw reply related [flat|nested] 50+ messages in thread
* [OE-core][whinlatter 47/47] scripts/install-buildtools: Update to 5.3.3
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (45 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 46/47] build-appliance-image: switch SRC_URI to https protocol Yoann Congal
@ 2026-04-16 6:47 ` Yoann Congal
2026-04-16 12:08 ` [whinlatter 00/47] Patch review Hemanth Kumar M D
47 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 6:47 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Update to the 5.3.3 release of the 5.3 series for buildtools
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
scripts/install-buildtools | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index b9c008a2ecd..7807bde910a 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-5.3.2'
-DEFAULT_INSTALLER_VERSION = '5.3.2'
+DEFAULT_RELEASE = 'yocto-5.3.3'
+DEFAULT_INSTALLER_VERSION = '5.3.3'
DEFAULT_BUILDDATE = '202110XX'
# Python version sanity check
^ permalink raw reply related [flat|nested] 50+ messages in thread
* Re: [whinlatter 00/47] Patch review
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
` (46 preceding siblings ...)
2026-04-16 6:47 ` [OE-core][whinlatter 47/47] scripts/install-buildtools: Update to 5.3.3 Yoann Congal
@ 2026-04-16 12:08 ` Hemanth Kumar M D
2026-04-16 13:19 ` [OE-core] " Yoann Congal
47 siblings, 1 reply; 50+ messages in thread
From: Hemanth Kumar M D @ 2026-04-16 12:08 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 302 bytes --]
Hi Yoann,
As discussed, I have rebased the binutils 2.45.1 upgrade on top of your latest whinlatter branch and sent v4.
ref : https://lists.openembedded.org/g/openembedded-core/message/235400
I’d like to get this merged so that whinlatter has the latest binutils updates.
Thanks,
Hemanth
[-- Attachment #2: Type: text/html, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 50+ messages in thread
* Re: [OE-core] [whinlatter 00/47] Patch review
2026-04-16 12:08 ` [whinlatter 00/47] Patch review Hemanth Kumar M D
@ 2026-04-16 13:19 ` Yoann Congal
0 siblings, 0 replies; 50+ messages in thread
From: Yoann Congal @ 2026-04-16 13:19 UTC (permalink / raw)
To: Hemanth.KumarMD, openembedded-core
On Thu Apr 16, 2026 at 2:08 PM CEST, Hemanth Kumar M D via lists.openembedded.org wrote:
> Hi Yoann,
>
> As discussed, I have rebased the binutils 2.45.1 upgrade on top of your latest whinlatter branch and sent v4.
> ref : https://lists.openembedded.org/g/openembedded-core/message/235400
>
> I’d like to get this merged so that whinlatter has the latest binutils updates.
Thanks!
I've tested that locally and will sent it through testing on
autobuilder.
>
> Thanks,
> Hemanth
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 50+ messages in thread
end of thread, other threads:[~2026-04-16 13:20 UTC | newest]
Thread overview: 50+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-16 6:47 [OE-core][whinlatter 00/47] Patch review Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 01/47] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 02/47] binutils: Fix CVE-2025-69648 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 03/47] binutils: Fix CVE-2025-69644 CVE-2025-69647 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 04/47] binutils: Fix CVE-2025-69649 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 05/47] binutils: Fix CVE-2025-69652 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 06/47] nfs-utils: Fix CVE-2025-12801 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 07/47] sqlite3: Fix CVE-2025-70873 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 08/47] python3: upgrade 3.13.11 -> 3.13.12 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 09/47] libarchive: upgrade 3.8.5 -> 3.8.6 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 10/47] vim: Fix CVE-2026-33412 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 11/47] vim: Fix CVE-2026-28418 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 12/47] vim: Fix CVE-2026-28419 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 13/47] binutils: Fix build with GLIBC 2.43 on the host Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 14/47] gcc: backport a fix for building with gcc-16 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 15/47] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 16/47] openssl: upgrade 3.5.5 -> 3.5.6 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 17/47] go: upgrade 1.25.8 -> 1.25.9 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 18/47] dtc: backport fix for build with glibc-2.43 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 19/47] pseudo: Add fix for glibc 2.43 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 20/47] yocto-uninative: Update to 5.1 " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 21/47] m4: backport 3 gnulib changes to fix build with glibc-2.43 on host Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 22/47] gettext: backport " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 23/47] util-linux: backport fix to " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 24/47] systemd: " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 25/47] virglrenderer: Fix build with glibc 2.43+ Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 26/47] libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 27/47] libxcrypt: Fix build wrt C23 support Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 28/47] libxcrypt: Use configure knob to disable warnings as errors Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 29/47] glibc: stable 2.42 branch updates Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 30/47] spirv-tools: backport a fix for building with gcc-16 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 31/47] ovmf: backport a fix for build " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 32/47] libpng: upgrade 1.6.55 -> 1.6.56 Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 33/47] recipetool: Recognise https://git. as git urls Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 34/47] selftest/scripts: Update old git protocol references Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 35/47] archiver: Don't try to preserve all attributes when copying files Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 36/47] license.py: Drop visit_Str from SeenVisitor in selftest Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 37/47] oeqa/selftest/devtool: add vulkan feature check for test needing it Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 38/47] selftest/minidebuginfo: extract files from tar archive using tarfile module Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 39/47] selftest/gdbserver: replace shutil.unpack_archive with tarfile extract Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 40/47] oeqa/selftest: add wayland feature check for tests needing it Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 41/47] report-error.bbclass: replace 'codecs.open()' with 'open()' Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 42/47] oeqa/sdk: Default to https git protocol for YP/OE repos Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 43/47] scripts: " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 44/47] oeqa/selftest/git-submodule-test: " Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 45/47] meta/files/layers.example.json: switch to https clone URIs Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 46/47] build-appliance-image: switch SRC_URI to https protocol Yoann Congal
2026-04-16 6:47 ` [OE-core][whinlatter 47/47] scripts/install-buildtools: Update to 5.3.3 Yoann Congal
2026-04-16 12:08 ` [whinlatter 00/47] Patch review Hemanth Kumar M D
2026-04-16 13:19 ` [OE-core] " Yoann Congal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox