[Wrynose] ci: base.lock: update layers to latest#2322
Open
vkraleti wants to merge 1 commit into
Open
Conversation
vkraleti
requested review from
lumag,
mwasilew,
ndechesne,
quaresmajose and
ricardosalveti
as code owners
Update meta-arm, meta-audioreach, meta-security, meta-updater, oe-core, meta-oe and bitbake layers to the latest available SHAs on wrynose. Changes in oe-core: - 06dd66e622 build-appliance-image: Update to wrynose head revisions - d3ff03d5d9 build-appliance-image: fix branches for wrynose revisions - 0a8a1b171e build-appliance-image: Update to wrynose head revisions - 42adcd87a1 pseudo: Upgrade 1.9.6 -> 1.9.7 - 438660e297 glibc: stable 2.43 branch updates - 1e86f2d053 default-distrovars.inc: add missing spaces in append overrides - 6a3d8f5a48 bluez5: add patches to fix 8.56 gatt issue - 61189f25d1 sbom-cve-check: set PV from upstream tags and ensure version checks are correct - 7f88fba567 qemu: fix iotlb_to_section() for different AddressSpace - 0582dfa5c4 scripts/makefile-getvar: quote MAKEFILE variable - e3a4bc2d85 features-check.bbclass: add reference to required TUNE_FEATURES - 1348a20d64 shadow-native: Change upstream status of disable_syslog.patch - 342ef52502 utils: Handle unexpanded variables in DISTRO_FEATURES - 65e972685d libsoup: patch CVE-2026-2708 - ccc2ee6169 oe-pkgdata-util: fix runtime-rprovides handling in lookup_pkg error path - 941cc0a8f8 oe-pkgdata-util: fix empty runtime-rprovides directory handling - 7a8d7df9d4 efivar: Backport patch to fix -march issue for ppc64le - 0dc232f551 libarchive: set status of CVE-2026-5745 - e7cdce7987 libssh2: patch CVE-2026-7598 - 5a0d5350f6 tiff: patch CVE-2026-4775 - 89d30abf28 libsoup: set status for CVE-2026-2369 - c5140b1932 b4-config: add send-prefixes for wrynose - 1de69f93fd busybox: fix CVE-2026-29004 - 8f344d46b9 busybox: patch CVE-2024-58251 - 9d3d22ca59 sbom-cve-check-update-nvd-native: Update source revision - ff88f9e551 sbom-cve-check-update-cvelist-native: Update source revision - f8968cff87 python3-sbom-cve-check: Update to version 1.3.1 - b4f2d3c86e wireless-regdb: upgrade 2026.02.04 -> 2026.03.18 - aa4b81c7f4 tzdata/tzcode-native: upgrade 2026a -> 2026b - 545fadfed8 python3-requests: Increase chardet upper limit - ad63b16232 README: Add wrynose subject-prefix to git-send-email suggestion - 080e184ad9 glibc: Fix recipe bug that disabled stack protector - 7600cfb78c devtool: Disable gpg signing when setting up source tree repos - ae17a0efae inetutils: patch CVE-2026-32772 - b554af20ca sudo: patch CVE-2026-35535 - 50ef20ce85 libarchive: set status for CVE-2026-4426 - 140fb6c7c6 apr-util: Add CVE_PRODUCT to support product name - 11b6304014 apr: Add CVE_PRODUCT to support product name - 9ee958493b sudo: set CVE_PRODUCT - b250e7756c libsoup: patch CVE-2026-5119 - e588d672fb libsoup: set status for CVE-2026-2436 - 64dd3d9766 coreutils: set CVE_PRODUCT - 34483cc166 mirrors: remove inactive sources.openembedded.org URLs - aaf7308bfc pseudo: Update 1.9.5 -> 1.9.6 - 2a94c1f3fb ffmpeg: set status for 4 CVEs - cd090bb1fa package.py: fix kernel module file pre-filter and document strip asymmetry - 2fb2e1ed94 perf: add PACKAGECONFIG for llvm - 9ba494f3f3 bluez5: add patches to fix 8.56 cli issues - 3bab91e8a7 rust: fix codegen test failure on big-endian targets - 157d78fa94 avahi: Fix CVE-2026-34933 - 483df8aaac hwdata: upgrade 0.405 -> 0.406 - aba4e1e7bb gtk4: upgrade 4.22.1 -> 4.22.2 - 61187cff91 gtk+3: upgrade 3.24.51 -> 3.24.52 - 4cf21a256a gsettings-desktop-schemas: upgrade 50.0 -> 50.1 - 8eae456fbe groff: upgrade 1.24.0 -> 1.24.1 - e9ee4f9aec dhcpcd: upgrade 10.3.0 -> 10.3.1 - ac33aa04e2 ccache: upgrade 4.13.2 -> 4.13.3 - 8e4d03a616 classes/base: add explicit bzip2-native dependency for unpacking .bz2 - 01b601952c sed: upgrade 4.9 -> 4.10 - 620bfc832a ovmf: set status for 7 CVEs - 9747553fc3 cargo: set CVE_PRODUCT - 392b88f7d9 cargo: set status of CVE-2023-40030 - 2b29078c87 git: set status of 5 CVEs - f534348f30 python3-requests: set status for CVE-2024-47081 - 8e6c1d6aa7 python3-requests: set status for CVE-2024-35195 - 7b9dd2b6c0 rsync: set status for CVE-2024-12084 - 4441dbaac5 base-files: set status for CVE-2018-6557 - 6217ad12cc bind: set status for CVE-2017-3139 - 5896b5efe4 cve-extra-exclusions: ignore CVE-2019-2708 - 47f54c2b82 gnutls: set status for CVE-2026-1584 - 2e95f4be90 harfbuzz: set status for CVE-2024-56732 - b53adeffb7 libva: set status for CVE-2023-39929 - dab1d9448d p11-kit: set status for CVE-2026-2100 - 0e2a61f133 python3-setuptools: set status for CVE-2024-6345 - 90b45f5699 ruby: set status for CVE-2025-0306 - 402718fdfb shadow: set CVE_PRODUCT Changes in bitbake: - 22021758e README: Add "2.18" subject-prefix to git-send-email suggestion - 1b64da8f2 b4-config: add send-prefixes for 2.18/wrynose - 41393883d fetch/wget: in upstream version checks, match versioned directories exactly - 0415a0065 fetch/git: Improve temporary directory handling - a82590d57 fetch/git: Fix leaking of temporary directory Changes in meta-arm: - d3b55902 arm-bsp/docs: corstone1000-a320: Add standalone A320 documentation - 31dd0e8a arm-bsp/docs: corstone1000: Drop A320 content from base documentation - d73bc7be ci: Add Corstone-1000 with Cortex-A320 builds - 9b00ce19 arm-bsp:corstone1000: Create a standalone corstone1000-a320-fvp machine - cd1a5456 arm-bsp/docs,kas:corstone1000: Add SSH image build support - b58ffc3a arm-bsp/tf-a: corstone1000: Fix Cortex-A320 errata override - 052c2cf3 CI: use wrynose branches - eb9b2aff arm-bsp/u-boot: corstone1000: disable EFI debug support - 325134ea arm-bsp/u-boot: fix Corstone1000 FVP detection in patch set - 78354ba2 arm-bsp/trusted-firmware-m:cs1k: Use new GPT duplicate functionality - 1eaa431f arm-bsp/trusted-firmware-m:cs1k: Add extra GPT library operations - 9af92ed0 arm-bsp/trusted-firmware-m:cs1k: Add fixes for GPT library - 45266372 scripts/runfvp: fix exception handling - 9aedfffc scripts/runfvp: add Screen support - 2b0fbab1 scripts/runfvp: check available terminal types - 9d1070b4 arm-bsp/packagegroup-core-boot:cs1k: Remove GRUB from initramfs - 8eb10af8 scripts/runfvp: fix silent failure when FVP is missing - 6e1cea02 arm/generate_capsule_json_multiple: Fix --selected_components default behavior - 3b7f4ccf CI: remove meta-virtualization references - 5ad64ce7 CI: remove Xen jobs - 01abd473 arm-bsp/docs: corstone1000: Drop A320 reboot workaround note - 23189561 arm-bsp/trusted-firmware-m: corstone1000: Drive NPU reset via ext sys ctrl Changes in meta-virtualization: - 959a211f nerdctl: fix PV value - e1bdfe90 docker-compose: fix PV - 8cfa4881 conf: add kvm-host.conf configuration fragment - 29b4a51e xen: fix buildpaths QA errors for hypervisor EFI and debug packages - fb1d9123 libvirt: fix python3 compatibility in hook_support.py - f7eb4abb image-oci: don't preserve ownership in directory/file/host layer copies - 7ab69799 podlet: add podlet utility - 18c7f713 vcontainer: add BBMASK for parse savings and suppress layer warnings - cbe00443 container-registry: add multi-arch OCI push support and tests - af92db59 vcontainer-common: support nested OCI layout and fix vimport shell errors - 3d431848 oci-multiarch: fix MC defaults, deploy dependency, and OCI layout - 84e81eea vcontainer: add OCI builder distro with shared base - 4ba5825e vcontainer: add --config / VDKR_CONFIG for docker/podman auth credentials - 002f915a tests: add vcontainer auth plumbing tests - e1beca39 python3-dotenv: fix CVE-2026-28684 - f262327c vcontainer-common: fix vstorage commands with --state-dir - 3106e77f podman: fix CNI build tag for non-netavark configs - 751b99dc vcontainer-tarball: add CI-safe environment script for autobuilder - cd15723c oe-go-mod-fetcher: add license scanning for Go module deps - a66c8df6 cosign: switch to go-mod-vcs generated license scanning - 3b721edc cosign: convert to go-mod-vcs hybrid fetch - 88ae1ba5 oe-go-mod-fetcher: improve error messages with recipe-ready fix snippets - eae6e33f cosign: add recipe for container signing tool v3.0.6 - ad63ebe6 vcontainer-initramfs-create: fix kernel deploy dependency via do_build Changes in meta-audioreach: - 1a7b324 ci: reuse meta-qcom base.lock.yml and drop local overrides - c28f708 ci/qcom-distro: apply MariaDB ARMv8.3+ build fix patch - 52d1628 ci: base.lock: update layers to latest (except meta-oe) [1] - 251d46d CI: switch to nodistro and drop poky - 35d5ae3 recipes-kernel: Add VENDOR_QCOM Makefile flag - 9fd8e9d CI: Replace git protocol with HTTPS for meta-raspberrypi repository - f440c5c audioreach-graphmgr: package alsa-lib plugin library files - 1f4603f audioreach-graphmgr: Add conditional alsa-lib dependency - 60d08f5 audioreach-conf: srcrev bump e4de9ba...a8c8cf1 - 84137af audioreach-conf: Include ALSAlib configuration files in package - 8d5330a ar-graphmgr: ship versioned and unversioned .so libraries at runtime - 2e9536d CI: add base.lock.yml to pin upstream layer revisions - 2c6fc36 Enable compilation for kaanapali-mtp and sm8750-mtp targets - d63a940 audioreach-pal: switch recipes to master branch - d3cc44e audioreach-conf: srcrev bump cb9e696...e4de9ba - affb62d audioreach-graphservices: srcrev bump 9e83632...65320f2 - 3f89c7a audioreach-graphmgr: srcrev bump ee5a7d2...b5587a7 - b36ada2 ci: Make docker resource and build parallelism configurable - a7492fd Create stale-issues.yaml - 8e39167 audioreach-kernel: srcrev bump 6d3d0f0..bf478f8 - 0c8b40f audioreach-kernel: blacklist glymur ASoC machine driver - 4bf2ea1 Revert "ci/qcom-distro: fix meta-security wic" - 4645605 audioreach-kernel: srcrev bump bcf17af..6d3d0f - e8db8e8 audioreach-conf: srcrev bump 4ff045a..cb9e696 - 7551254 audioreach-pal: srcrev bump 9c39264..db8e497 - 266e322 ci/qcom-distro: fix meta-security wic Changes in meta-selinux: - 1ba26da libselinux-python: remove all RECORD files - fe92cf8 selinux-python: remove all RECORD files Changes in meta-updater: - 7f5eef0 ostree: Exclude /usr/etc in OSTree build-time relabel - f9370ea refpolicy-targeted: allow generator to read symlinks and manage runtime files - 33af541 ostree: add SELinux build-time labeling for OSTree rootfs - dd0a2fc refpolicy-targeted: Address permission denied failure on ostree - a8af243 refpolicy-targeted: fix ostree deployment path regex and add missing rules Changes in meta-security: - c0d1d62 tpm2-pkcs11: upgrade 1.9.1 -> 1.9.2 - f7d6b11 samhain: upgrade 4.5.2 -> 4.5.3 - 18c343e aide: fix pkg_postinst_ontarget shell script - e9fb34c aide-base.bbclass: correct STAGING_AIDE_DIR - 05f3f6e arpwatch: fix typos - 68d3c15 tpm2-tools: make efivar optional - 8d6cbac parsec-service: update TS group name - 57f8a1e parsec-service: do group membership modifications in useradd - 66c3818 parsec-service: assign PACKAGECONFIG in one line - 7cafc3f meta-parsec: skip Parsec CI jobs on 32-bit platforms - 45a2630 parsec-service: update version - e376bba google-authenticator-libpam: 1.0.9 -> 1.11 - 05a1e64 layer.conf: correct WARN_QA - a289f22 firejail: fix COMPATIBLE_MACHINE setting - 925357d kas config update for wrynose branch - 9265f14 README: update CI links - 5bcd679 packagegroup-core-security: remove python3-privacyidea - 5a333f4 packagegroup-core-security: add missing packages - 0743981 ncrack: update - ffdbb6d libmhash: remove - 203087e aide: upgrade to 0.19.3 - 9004924 clamav: upgrade to 1.4.4 - d0386f2 libmspack: remove - 8e4092a opendnssec: upgrade to 2.1.14 - 1792ae2 aircrack-ng: upgrade to 1.7 - cd05fe6 crowdsec: upgrade to v1.7.7 - 1dcf90f suricata: 7.0.13 -> 8.0.4 - 731c5fc krill: fix missing $ in FILES - bd6927e isic: fix RDEPENDS typo - c3ddb21 meta-security: fix incorrect HOMEPAGE variable names - d975a55 tpm2-pkcs11: fix build failure Changes in meta-openembedded: - 9af4488d46 libtsm: upgrade 4.4.3 -> 4.5.0 - ce551e0201 nftables: improve reproducibility - f543c09d25 python3-ujson: upgrade 5.12.0 -> 5.12.1 - e7a2390854 znc: upgrade 1.10.1 -> 1.10.2 - f32370958c orage: upgrade 4.20.2 -> 4.20.3 - 8eacf145c8 hunspell: upgrade 1.7.2 -> 1.7.3 - f5e824aa82 libauthen-sasl-perl: upgrade 2.1800 -> 2.2000 - bb9e2765f7 valkey: upgrade 9.0.3 -> 9.0.4 - b2657486b3 iwd: depend on the regulatory database - 3abfbefd4f thin-provisioning-tools: fix compile failure on 32bit BSPs - eeb6d01481 kmscon: upgrade 9.3.3 -> 9.3.5 - 2eb4b46762 pkcs11-provider: fix build error on 32 bit systems - 30b410cba2 jsoncpp: Fix C++11 ABI breakage when compiled with C++17 - c8e1b7771d postfix: upgrade 3.10.8 -> 3.10.9 - ec3fad00a2 cryptsetup: update udev package config - 0d15102e2d proftpd: upgrade 1.3.9 -> 1.3.9a - 5fa2647d4f postfix: make it can compile with linux 7.x - 33ecdd2e81 apache2: upgrade 2.4.66 -> 2.4.67 - 3ab4c07405 strongswan: upgrade 6.0.5 -> 6.0.6 - 2616b586ba imagemagick: upgrade 7.1.2-19 -> 7.1.2-21 - 21a481f20c fastfetch: upgrade 2.61.0 -> 2.62.1 - 3255b7d357 bubblewrap: upgrade 0.11.1 -> 0.11.2 - 319382b8ef eog: Add HOMEPAGE - f79e50c908 webkitgtk3: fix build on riscv64 - 668890a1d0 xfdesktop: upgrade 4.20.1 -> 4.20.2 - b3a00b397f vboxguestdrivers: Upgrade to 7.2.8 - 5b67c1cc01 python3-blivet: switch from setuptools3_legacy to python_setuptools_build_meta - 21970fef89 python3-aspectlib: Fix pytest compatibility - 9c27658068 libcoap: mark CVE-2026-29013 patched - 420222862f networkmanager: re-implement the vala detection - 05191ba25b memcached: drop libhugetlbfs - 0af2c62a38 mdns: Upgrade 2881.80.4.0.1 -> 2881.100.56.0.1 - 62104ea1db fftw_3.3.11.bb: Update version. - 15d5785d28 tbb: add ptest support - ecaeb93da3 frr: fix mgmtd crash on ARM32 - 41a7fe71a7 frr: upgrade 10.5.3 -> 10.6.1 - b5a792e209 jemalloc: fix always_inline build failure - 8c9adcfadb xfce4-screensaver: Make libpam and systemd dependencies conditional - 88c22e566d ebtables: Fix update-alternatives by setting ALTERNATIVE_TARGET - 6a14b73000 canopenterm: update to version 2.02+git - 36d46e1871 python3-pyfuse3: Move to meta-python - 3283baa0a4 framebuffer-vncserver: New recipe for VNC server for framebuffer - 76700b6eaf gphoto2: Fix build with clang-22 - ef548c3982 networkmanager: DISTRO_FEATURES_BACKFILL_CONSIDERED -> DISTRO_FEATURES_OPTED_OUT - fa612d7971 libspdm: update SRCREV to final 3.8.2 release - 0c9cb5fb09 opensc: ship missed installed file - f2d723ce08 python3-pyfuse3: new recipe - 07d6722816 libsoup-2.4: fix several CVEs - 740f9f71dd webkitgtk3 update 2.50.5 -> 2.50.6 - 44d5012a7c ceres-solver: Improve the build configuration - cc814c9fd1 wireplumber: update 0.5.13 -> 0.5.14 - be77fde6f6 pipewire: update 1.6.2 -> 1.6.3 Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
vkraleti
force-pushed
the
wrynose-lock-update
branch
from
88ba1ab to
5a00426
Compare
lumag
requested changes
May 31, 2026
Contributor
lumag
left a comment
lumag
left a comment
There was a problem hiding this comment.
Not until the testing is working again.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update meta-arm, meta-audioreach, meta-security, meta-updater, oe-core and bitbake layers to the latest available SHAs on wrynose branch.
Skip meta-openembedded update as audio issues are observed with pipewire upgrade to v1.6.3.