summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* lttng-ust: upgrade 2.13.4 -> 2.13.5wangmy2022-11-091-1/+1
| | | | | | | | | | | | | | | | | | | Changelog: ========== * Fix: bytecode validator: reject specialized load field/context ref instructions * Fix: bytecode validator: reject specialized load instructions * Fix: event notification capture: validate buffer length * Fix: event notification capture error handling * Fix: lttng-ust-comm: wait on wrong child process * fix: 'make dist' without javah (From OE-Core rev: d96afd6159b696dc18a7d6ab3731ad1ac258c98c) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 569d6c271bf782cb4a524603693adbbe3d020f92) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl2: upgrade 2.24.0 -> 2.24.1wangmy2022-11-092-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a stable bugfix release, with the following changes: Windows Only check to see if the ICC profile changes when the display changes or we gain focus Fixed window resize handing when using the D3D12 renderer Fixed Xbox controller detection on Windows XP macOS Fixed long delay in SDL_CloseAudioDevice() Linux Fixed crash in Wayland_HasScreenKeyboardSupport() FreeBSD Fixed building without GNU sort, but warn that dynamic libraries won't be found Emscripten Fixed infinite recursion related to mutexes on startup OS/2 Fixes and improvements to SDL_LoadObject() functionality 0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch refreshed for new version. (From OE-Core rev: 3c686477cc7557060fd9152f7546f00099a630a2) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit aa45a2fad9ecd5d553c605dc6b3d4cd70d7d7776) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libksba: upgrade 1.6.0 -> 1.6.2wangmy2022-11-091-1/+1
| | | | | | | | | | | | New upstream release fixing CVE-2022-3515 (From OE-Core rev: 8e453d64255ce6a01b193c3735bb0aefbaa6fb38) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 4bef6fc673de958dfbab80bcbc2e0159803b97ee) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpebackend-fdo: upgrade 1.12.1 -> 1.14.0wangmy2022-11-091-1/+1
| | | | | | | | | | | | | | Changelog: ========== Fixed a crash caused by trying to deallocate already freed graphics buffers in certain situations. (From OE-Core rev: d650490c7786edde665472a38eb68f6db1f6aa4d) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 0db4627fe8c6f8a0080248052dc06419774cba4f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* numactl: upgrade 2.0.15 -> 2.0.16wangmy2022-11-091-2/+2
| | | | | | | | | | | | | | | | | Commits 5a99c6d: Revert "numademo: fix error on 32bit system" (Andi Kleen) 04da3af: fix the memory leak of numa_preferred api (luochenglcs) #139 86edd38: when preferred_many is not supported, fall back to preferred will (luochenglcs) #137 413a93f: add cut-release github workflow (#142) (LUCIANO FURTADO) #142 10285f1: Release numactl 2.0.16 (Filipe Brandenburger) (From OE-Core rev: 5ab90209ef18876285bd62468e9cec7a9a80608d) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 6d9ed8d4b13c2d87dae482bbadef039de050bc9d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libical: upgrade 3.0.14 -> 3.0.15wangmy2022-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | | Changelog: ========= Add missing property parameters into libical-glib Fix CMake option USE_32BIT_TIME_T actually uses a 32-bit time_t value Fix icaltime_as_timet, which returned incorrect results for years >= 2100, to work properly between years 1902 and 10k. Fix x-property comma handling and escaping Built-in timezones updated to tzdata2022d (now with a VTIMEZONE for each time zone alias) Fix fuzzer issues Handle unreachable-code compile warnings with clang Ensure all vanew_foo() calls finish with (void*)0 (not 0) (From OE-Core rev: 68e89fb36d43db7a655a3a73933e403bb0932ff3) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 6092ae3cbe0eaf006db615c6cc3f1692e1cc1df8) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap: upgrade 2.65 -> 2.66wangmy2022-11-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | RELEASE NOTES FOR 2.66 Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo Andrade.) Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. Slightly more robust Makefiles to address an error with make -j48 test observed by Tomasz Kłoczko. Include a simple Go program, captrace, to trace kernel capability validation checks This program can be used to figure out what capabilities a program needs to operate. captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error. (From OE-Core rev: 21f57b4341d8520c1e7319b2b9a0616af61e0f68) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 9040e612084a561b1766bb86c9c002b811eea4c9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade 9.0.0614 -> 9.0.0820Tim Orling2022-11-091-2/+2
| | | | | | | | | | | | | | | | | Includes fixes for CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 For a short list of important changes, see: https://www.arp242.net/vimlog/ (From OE-Core rev: 1b0ce402ef432cacb824a49aeb039732fe25dc9d) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 3.0.5 -> 3.0.7Ed Tanous2022-11-042-57/+1
| | | | | | | | | | | | | | | | | | | | | | OpenSSL 3.0.5 includes a HIGH level security vulnerability [1]. Upgrade the recipe to point to 3.0.7. CVE-2022-3358 is reported fixed in 3.0.6, so drop the patch for that as well. [1] https://www.openssl.org/news/vulnerabilities.html Fixes CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ (From OE-Core rev: 48f9f92c547fac35ff398180a32a5b0829cd9fff) Signed-off-by: Ed Tanous <edtanous@google.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a69ea1f7db96ec8b853573bd581438edd42ad6e0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.7 -> 3.7.8wangmy2022-11-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========= ** libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, 1536, and 1792 bits), in addition to any modulus sizes larger than 2048 bits, according to SP800-131A rev2. ** libgnutls: gnutls_session_channel_binding performs additional checks when GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret (i.e., either TLS 1.3 or extended master secret extension is negotiated). Otherwise the function now returns error. ** libgnutls: usage of the following functions, which are designed to loosen restrictions imposed by allowlisting mode of configuration, has been additionally restricted. Invoking them is now only allowed if system-wide TLS priority string has not been initialized yet: gnutls_digest_set_secure gnutls_sign_set_secure gnutls_sign_set_secure_for_certs gnutls_protocol_set_enabled (From OE-Core rev: a583ac20cc82ede59e1a4e30708cf5434b49ce37) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 858886aa07d0c2c2ef2489996cc8eca5fbe931fa) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* overlayfs: Allow not used mount pointsVyacheslav Yurkov2022-11-042-2/+10
| | | | | | | | | | | | | | | When machine configuration defines a mount point, which is not used in any recipe, allow to fall through and only report a note in the logs. This can be expected behavior, when a mount point is defined for several machines, but not used in all of them (From OE-Core rev: c7c6b273656a3e2b8b959004b996e56d4086ce5e) Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit a9c604b5e0d943b5b5f7c8bdd5be730c2abcf866) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: Fix gl-es argument from causing other arguments to be ignoredJoshua Watt2022-11-041-1/+1
| | | | | | | | | | | | | The code to parse arguments was inadvertently skipping all arguments in the elif block after gl-es if it was specified on the command line. (From OE-Core rev: dd1dcfada1fa46ecb8227c2852769b35026875d3) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 718bb8d56f6a24c86e67830a7d13af54df2ebb4e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: Do not perturb script environmentJoshua Watt2022-11-041-12/+14
| | | | | | | | | | | | | | | | | | | | | | | Instead of changing the script environment to affect the child processes, make a copy of the environment with modifications and pass that to subprocess. Specifically, when dri rendering is enabled, LD_PRELOAD was being passed to all processes created by the script which resulted in other commands (e.g. stty) exiting with a failure like: /bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE Making a copy of the environment fixes this because the LD_PRELOAD is now only passed to qemu itself. (From OE-Core rev: 91c2449d4e873b2cec8777d71e218a12f899669d) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 2232599d330bd5f2a9e206b490196569ad855de8) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu-native: Add PACKAGECONFIG option for jackJeremy Puhlman2022-11-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | With libjack-devel or jack-audio-connection-kit-devel, qemu-native detects the library/header and tries to build with it. Since its missing from the sysroot, it fails to build. -O2 -fPIE -D_REENTRANT -Wno-undef -MD -MQ libcommon.fa.p/audio_jackaudio.c.o -MF libcommon.fa.p/audio_jackaudio.c.o.d -o libcommon.fa.p/audio_jackaudio.c.o -c ../qemu-6.2.0/audio/jackaudio.c | ../qemu-6.2.0/audio/jackaudio.c:34:10: fatal error: jack/jack.h: No such file or directory | 34 | #include <jack/jack.h> | | ^~~~~~~~~~~~~ | compilation terminated. (From OE-Core rev: 7c8f23aa594175f2169df0d62051bf42d491a1bb) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 27260be388f7f9f324ff405e7d8e254925b4ae90) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-tarball: export certificates to python and curlJan-Simon Moeller2022-11-041-0/+2
| | | | | | | | | | | | | | The custom path of the ca-certificates.crt within the buildtools-tarball requires more environment variables to be exported. Namely REQUESTS_CA_BUNDLE for the python requests library and CURL_CA_BUNDLE for curl. (From OE-Core rev: facafa0f76af9cbf80f862497b66c18b3fbfa60b) Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 5c249db9de8ad8cfe0996ff4fee4c575a5ff1e34) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mesa: only apply patch to fix ALWAYS_INLINE for nativeKai Kang2022-11-041-1/+3
| | | | | | | | | | | | | | | | | | | | | | | 0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch is not needed by target mesa any more. But it still fails to compile mesa-native without this patch when DEBUG_BUILD is enabled on Ubuntu 18.04 with gcc 7.5.0: | ../mesa-22.1.6/src/compiler/nir/nir_inline_helpers.h: In function ‘nir_opt_move_block’: | ../mesa-22.1.6/src/compiler/nir/nir_opt_move.c:55:1: error: inlining failed in call to always_inline ‘src_is_ssa’: indirect function call with a yet undetermined callee | src_is_ssa(nir_src *src, void *state) | ^~~~~~~~~~ So only apply it for mesa-native. (From OE-Core rev: f6fb2da56ef1f35b536ebf62a03e10bba59d8276) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit c6a6d0c2680799683d58968c2558a224f27caaa2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ifupdown: upgrade 0.8.37 -> 0.8.39wangmy2022-11-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | ifupdown (0.8.38) * Remove dependency on lsb-base (Closes: #1020604) * Remove pump support (no longer in Debian archive) * Fix error message when turning down VLAN interfaces. Thanks to Aleksandr Muravjov (Closes: #1007889) * Ship Ubuntu's integration scripts for systemd-resolved. Thanks to Luca Boccassi (Closes: #1016798) * Add rfkill support. Thanks to Sebastian Reichel <email address hidden> (Closes: #645559) ifupdown (0.8.39) * Add execution permission on resolved scripts. Thanks to Vincent Lefèvre (Closes: #1021259) (From OE-Core rev: 342fb3183fd1910b76c2bed242bf8b2ea179d217) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit f0462e3336c7134aeeb2684692732c187971b330) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mtools: upgrade 4.0.40 -> 4.0.41wangmy2022-11-042-4/+4
| | | | | | | | | | | | | | | | | | | | disable-hardcoded-configs.patch refreshed for new version Changelo: ========= - Made it possible again to have FAT32 filesystems with less than 0xfff5 clusters - Make FAT32 entries 0 and 1 match what windows 10 does - Misc source code and configure script cleanup (From OE-Core rev: 9ac0de44f11123876a92f7d7819d5ff2c20475b7) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit b19127f0cd0e10c7180c138284b38c97fa9db7af) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pango: upgrade 1.50.9 -> 1.50.10Ross Burton2022-11-041-1/+1
| | | | | | | | | | | | | | | Overview of changes in 1.50.10, 16-09-2022 ========================================= - Avoid some unnecessary strdups - Fix line height computations with a non-trivial CTM (From OE-Core rev: 78dc0bf6384349c23a54f59d89988ad242125581) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 884ce27b9cee231e093fe53192d04133c437404e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0598 -> 9.0.0614Teoh Jay Shen2022-11-041-2/+2
| | | | | | | | | | | | Include fixes for CVE-2022-3352. (From OE-Core rev: 9067e3a24bc5558af6a41f2c5e6f16c37116e3ed) Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson: upgrade 0.63.2 -> 0.63.3wangmy2022-11-041-1/+1
| | | | | | | | | | (From OE-Core rev: fe33134efbe109b9f3bffa1b05fd6fed8860129c) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 3c87597dcde7676858f76c1066cd87195ecc8aef) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson: make wrapper options sub-command specificLiam Beguin2022-11-041-4/+17
| | | | | | | | | | | | | | | | The meson-wrapper adds setup options to facilitate cross-compilation. The current options are exclusive to the setup sub-command and might cause issues with other sub-commands. Update the wrapper to make options sub-command specific. (From OE-Core rev: 4475250ee0d83cc90322f2fcd9ec8df7c05b6903) Signed-off-by: Liam Beguin <liambeguin@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 7bcda141f2019862b4fb5d8dec7956cd8344b420) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: backport the fix for CVE-2022-3165Ross Burton2022-11-042-0/+60
| | | | | | | | | | | (From OE-Core rev: d63c5b210b50a2c332a5c309298ec13b510cc7c8) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d820389728b0f5e085954b4f995da2b2014acedf) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix a typo for CVE-2022-2953.patchQiu, Zheng2022-11-041-1/+1
| | | | | | | | | | | | | The CVE number in the patch is a typo. CVE-2022-2053 is not related to libtiff. So fix it. (From OE-Core rev: 3ef84008bf729f74f1244e8b57451cdeb3a9e262) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c9f76ef859b0b4edb83ac098816b625f52c78173) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix a number of CVEsRoss Burton2022-11-045-1/+1018
| | | | | | | | | | | | | | | | | | | Backport fixes from upstream for the following CVEs: - CVE-2022-3599 - CVE-2022-3597 - CVE-2022-3626 - CVE-2022-3627 - CVE-2022-3570 - CVE-2022-3598 (From OE-Core rev: bfd6d135a555e854e30d45ea36b0cbd612e322df) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 722bbb88777cc3c7d1c8273f1279fc18ba33e87c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551Ross Burton2022-11-043-0/+103
| | | | | | | | | | (From OE-Core rev: 9163db79ec90ff4b8ecd189f5fb6e44e27b9e53b) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit e32401d8bf44afcca88af7e4c5948d2c28e1813f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specificRoss Burton2022-11-041-0/+2
| | | | | | | | | | (From OE-Core rev: 2017ed15cc5b29319fe1b769c1fcfc5c2f799fd8) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 769576f36aac9652525beec5c7e8a4d26632b844) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libx11: apply the fix for CVE-2022-3554Ross Burton2022-11-042-0/+58
| | | | | | | | | | (From OE-Core rev: 3a65a787d1b53f57cd0eedbf7a70ce6dcde0d148) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 5d30f124274d2822d72b56f84eb8c8ae64e31e0d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL ↵Hitendra Prajapati2022-11-042-0/+56
| | | | | | | | | | | | | | | | | encryption Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b] Description: CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption. Affects "openssl < 3.0.6" (From OE-Core rev: c28dc71f17133f6e4470fc0c1a552c743869b3ad) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: tests/fetch: Allow handling of a file:// url within a submoduleRichard Purdie2022-10-261-2/+2
| | | | | | | | | CVE-2022-39253 in git meant file:// urls within submodules were disabled. Add a parameter to the commands in the tests to allow this to continue to work. (Bitbake rev: 209f7ba352b60722830157054e3fc56cb9c693eb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: tests: bb.tests.fetch.URLHandle: add 2 new testsMark Asselstine2022-10-261-0/+2
| | | | | | | | | | | | | | | | | Add a test for special characters in user and password to qualify decodeurl() inspired by a bug report describing that '=' signs in a password was problematic. Add a second test to qualify decodeurl() as related to the change in commit 628c4bf6c89b [fetch2/__init__: handle @ in package names]. Relates to [YOCTO #14476] (Bitbake rev: ee04cf09c7022168c035affa654773652a49793e) Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX ↵Michael Opdenacker2022-10-261-17/+43
| | | | | | | | | | | variables (Bitbake rev: 72e9847dd578c3cbed52a9c16fea23ebbeef5046) Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: utils/ply: Update md5 to better report errors with hashlibMark Hatle2022-10-262-1/+13
| | | | | | | | | | | | | | | | | | | | | | In the case where hashlib is not available, the try would fail and fall through resulting in a backtrace on the usage of the 'sig'. The backtrace itself was confusing and made it difficult to determine what went wrong. Update the import to be in it's own try block with an appropriate message to indicate what went wrong. Note, the current version of ply all of this code has been restructured so this is not applicable upstream. Additionally, some versions of hashlib don't appear to implement the second FIPS related argument. Detect this and support both versions. (Bitbake rev: 484ab42f440070c0369b81f5c69da860fa47a798) Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake: user-manual: inform about spaces in :removeJohan Korsnes2022-10-261-1/+2
| | | | | | | | | | | | | | | | | | | | Inform the reader that there should be no need for spaces in the value when using removal override `:remove`. Considering why spaces are used in the other override operators, it might seem obvious that they aren't needed for the removal operator. But, it seems like I'm not the first to be confused about this. Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Quentin Schulz <quentin.schulz@theobroma-systems.com> Cc: Ross Burton <ross.burton@arm.com> Cc: Nicolas Dechesne <nicolas.dechesne@linaro.org> (Bitbake rev: 0a493a772f83436cbe909de93c157f4ab2d2d136) Signed-off-by: Johan Korsnes <johan.korsnes@remarkable.no> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix SSL_CERT_FILE to match ca-certs locationRichard Purdie2022-10-261-1/+1
| | | | | | | | | | | | In OE-Core d6b15d1e70b99185cf245d829ada5b6fb99ec1af, "openssl: export necessary env vars in SDK", the value added for SSL_CERT_FILE was in conflict with the value used elsewhere, such as in buildtools. This makes them match and fixes buildtools testsdk failures. (From OE-Core rev: d40f7ddcfbdd5cb1d9f96271fefddf67e9044bb9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* migration-guides/release-notes-4.1.rst: update Repositories / DownloadsLee Chee Yang2022-10-251-2/+0
| | | | | | | | (From yocto-docs rev: 8e0841c3418caa227c66a60327db09dfbe72054a) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lighttpd: fix CVE-2022-41556Ross Burton2022-10-252-0/+32
| | | | | | | | | Backport the fix from upstream to fix this CVE. (From OE-Core rev: 59f69125fb00dc8fd335f32fe6898e7a480141e4) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Unified package names to lower-caseKeiya Nobuta2022-10-251-1/+1
| | | | | | | | | | | create-spdx can't detect the license properly if the case doesn't match, so fix it. (From OE-Core rev: 9c87828493784d996910d742006268a626ef0130) Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: add timeout to urlopen() callsFrank de Brabander2022-10-251-2/+7
| | | | | | | | | | | | | | | The urlopen() call can block indefinitely under some circumstances. This can result in the bitbake process to run endlessly because of the 'do_fetch' task of cve-update-bb-native to remain active. This adds a default timeout of 60 seconds to avoid this hang, while being large enough to minimize the risk of unwanted timeouts. (From OE-Core rev: e5f6652854f544106b40d860de2946954de642f3) Signed-off-by: Frank de Brabander <debrabander@gmail.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib-2.0: fix rare GFileInfo test case failureRoss Burton2022-10-252-0/+52
| | | | | | | | | | | | | If a access or creation timestamp has 0 microseconds, then the test fails as it doesn't expect this to be a valid value. Expand a previous fix for modification times to cover these timestamps too. [ YOCTO #14373 ] (From OE-Core rev: 15715e6ad81c97cd50e288f3745615eb19be90d1) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: export necessary env vars in SDKChen Qi2022-10-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | In current SDK, when running the following command in python shell, we get an error. $ python3 >>> from cryptography.hazmat.backends import openssl The error message is as below: cryptography.exceptions.InternalError: Unknown OpenSSL error. We could set OPENSSL_MODULES explicitly in nativesdk-openssl package so that when SDK is set up, it's in environment and we can get rid of the above error. Also, there are other env vars that need to be exported. And we export all of them to keep sync with openssl-native.bbclass. (From OE-Core rev: d6b15d1e70b99185cf245d829ada5b6fb99ec1af) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: add dbus to RDEPENDSBartosz Golaszewski2022-10-251-0/+1
| | | | | | | | | | | | Unless we're using systemd, dbus is not pulled into the system automatically. Bluez5 will not work without dbus so add it to RDEPENDS explicitly. (From OE-Core rev: 377ef7009a8638efe688b6b61f67ae399eb1f23d) Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: use .gz archive and set a PREMIRRORRoss Burton2022-10-251-2/+7
| | | | | | | | | | | | | | When a new zlib release is made, the top-level URL is no longer available and it is only available as a .gz under the /fossils/ directory. When this happens the source fetch fails and bitbake noisily warns that it is using the mirrors. Avoid this by using the .gz tarball and add the /fossils/ directory to PREMIRRORS so fetches will check there too. (From OE-Core rev: c67f71abc61afec701c50e4e7941128eb701fb0a) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* own-mirrors: add crateAdrian Freihofer2022-10-252-1/+2
| | | | | | | | | | Support downloading crate files from a mirror at SOURCE_MIRROR_URL. (From OE-Core rev: aebf4f183267a1e2f073078ade0ddc916ceed53f) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Allow -Wno-error=poison-system-directories to take effectPeter Kjellerstedt2022-10-251-18/+18
| | | | | | | | | | | | The change in commit e903b29f (gcc-cross: pass -Werror=poison-system-directories to compiler stages) made it impossible to disable the error using -Wno-error=poison-system-directories. (From OE-Core rev: 1cb0245539f7d5277fae4e9abc7f2a0130d0caa8) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perf: Depend on native setuptools3Khem Raj2022-10-251-1/+1
| | | | | | | | | | | | perf has need for python setuptools when scripting is enabled from 6.0.0 onwards it seems to throw an explicit error (From OE-Core rev: da3d00178809bbf7cc453401e0c5937796ebc2c1) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* u-boot: Add savedefconfig taskAlex Kiernan2022-10-251-0/+7
| | | | | | | | | | | Add savedefconfig task which U-Boot supports (unfortunately not all consumers of cml1 support this). (From OE-Core rev: efc54f1f836651c8ef27a683a9e5d583c8ce87a6) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* u-boot: Remove duplicate inherit of cml1Alex Kiernan2022-10-251-1/+1
| | | | | | | | | | | | Splitting u-boot-configure.inc out of the base left duplicate cml1.bbclass in the base include. Fixes: fc9a17ad386c ("u-boot: Split do_configure logic into separate file") (From OE-Core rev: 286f91f7659307bcdf0ba541b8d6b56db5604ceb) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe/packagemanager/rpm: don't leak file objectsRoss Burton2022-10-251-12/+21
| | | | | | | (From OE-Core rev: 28706c27680745c9f8df27713ce63ef5d611138c) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* insane.bbclass: Allow hashlib version that only accepts on parameterMark Hatle2022-10-251-1/+4
| | | | | | | | | | | | Some versions of hashlib don't appear to implement the second FIPS related argument. Detect this and support both versions. (From OE-Core rev: 2bbabed51e3aca138486d3feef640f5d3249be40) Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-11 12:14:07 +0000