summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* tzdata: Upgrade to 2023dShubham Kulkarni2024-01-041-3/+3
| | | | | | | | | (From OE-Core rev: 227b3d4edad31b0d0045f41133271693265240b0) Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2956b1aa22129951b8c08ac06ff1ffd66811a26c) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* testimage: drop target_dumper, host_dumper, and monitor_dumperSteve Sakoman2024-01-041-24/+0
| | | | | | | | | | | | | | | | | | | The target_dumper code is basically broken. It has been reading binary files over the text base serial communication and runs at every command failure which makes no sense. Each run might overwrite files from the previous run and the output appears corrupted due to confusion from the binary data. It isn't possible to cherry-pick "testimage: Drop target_dumper and most of monitor_dumper" from master, so just make target_dumper, host_dumper, and monitor_dumper empty functions. For further details see: https://lists.openembedded.org/g/openembedded-architecture/message/1888 (From OE-Core rev: 960e7e3dffa22c2142cb672c68cd9a8f0e3998a3) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* elfutils: Disable stringop-overflow warning for build hostKhem Raj2024-01-041-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some distributions shipping gcc12 end up with stringop-overflow warnings e.g. /usr/include/bits/unistd.h:74:10: error: ‘__pread_alias’ specified size between 9223372036854775813 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=] 74 | return __glibc_fortify (pread, __nbytes, sizeof (char), | ^~~~~~~~~~~~~~~ Until fixed, lets not treat this warning as hard error MJ: this is needed e.g. on ubuntu 24.04 after gcc was upgraded from 13.2.0-8ubuntu1 to 13.2.0-9ubuntu1 which includes switch _FORTIFY_SOURCE to 3: https://changelogs.ubuntu.com/changelogs/pool/main/g/gcc-13/gcc-13_13.2.0-9ubuntu1/changelog elfutils config.log then shows: configure:6762: checking whether to add -D_FORTIFY_SOURCE=2 to CFLAGS configure:6779: gcc -c -D_FORTIFY_SOURCE=2 -isystem/work/x86_64-linux/elfutils-native/0.186-r0/recipe-sysroot-native/usr/include -O2 -pipe -Werror -isystem/work/x86_64-linux/elfutils-native/0.186-r0/recipe-sysroot-native/usr/include conftest.c >&5 <command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror] <built-in>: note: this is the location of the previous definition cc1: all warnings being treated as errors configure:6786: result: no and -D_FORTIFY_SOURCE=2 missing in CFLAGS later causes the above error in do_compile (From OE-Core rev: 94d1640d374c9a8827957cba8dbc1c1f978701b5) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssh: fix CVE-2023-51385Archana Polampalli2024-01-042-0/+98
| | | | | | | | | | | | | | | | | | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. References: https://nvd.nist.gov/vuln/detail/CVE-2023-51385 Upstream patches: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (From OE-Core rev: 617640bd045f07b0870dc9f3bc838b3a9fbc3de7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssh: fix CVE-2023-51384Archana Polampalli2024-01-042-0/+172
| | | | | | | | | | | | | | | | | | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. References: https://nvd.nist.gov/vuln/detail/CVE-2023-51384 Upstream patches: https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b (From OE-Core rev: 7a745dd1aa13fbf110cc4d86ddbc86617975d6ad) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9Richard Purdie2024-01-041-0/+7
| | | | | | | | | | | | | | | | | | | | | With python 3.8 and 3.9, we see intermittent errors of: libgcc_s.so.1 must be installed for pthread_cancel to work Aborted (core dumped) which seem related to: https://stackoverflow.com/questions/64797838/libgcc-s-so-1-must-be-installed-for-pthread-cancel-to-work https://bugs.ams1.psf.io/issue42888 These tend to occur on debian 11 and ubuntu 20.04. Workaround this by ensuring libgcc is preloaded in all cases. (Bitbake rev: 2c6183594279e2e9d03f11155ad969448869c863) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: data: Add missing dependency handling of remove operatorInsu Park2024-01-042-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | A recipe variable handles its dependencies even on the "contains" variables within the "inline Python expressions" like bb.utils.filter(). And it also handles those in the append operator correctly, but the problem is that it does not so in the remove operator. Fix it by adding the missing dependencies every time the remove operator has been handled. Also add a test case to check if the override operators handle dependencies correctly. (Bitbake rev: 23639edfbbb3fced7606dce211db8a31c5766585) Signed-off-by: Insu Park <insu0.park@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Cherry-picked from master: b90520eedb1dbc7f6a3928d089fe74fafb864eb5 - Conflicts in data.py are resolved as the master branch moved handle_contains() and handle_remove() out of the try block. - The test code in codeparser.py are modified as the master branch added three more arguments to the build_dependencies(). Signed-off-by: Insu Park <insu0.park@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* testimage: Exclude wtmp from target-dumper commandsRichard Purdie2023-12-221-1/+1
| | | | | | | | | | | | | | wtmp is filled with binary data which the run_serial command can't cope with. Catting this results in confusion of the serial interface and potentially large backlogs of data in the buffers which can hang qemu. Exclude the problematic files from the command. (From OE-Core rev: 2afd9a6002cba2a23dd62a1805b4be04083c041b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 599ac08a6f6fb3f6a89a897c8e06367c63c2f979) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-ptest: skip test_storlinesTrevor Gamblin2023-12-222-0/+33
| | | | | | | | | | | | | | [YOCTO #14933] test_storlines is yet another Python ptest that fails intermittently on the Yocto AB, so disable it during ptests for now. (From OE-Core rev: b71d5ec10f8e64fc6102c66dfc36151f2b0b3c86) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit d7b9f8157e6214a83b5495e8a32e11540ae65ff8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* externalsrc: Ensure SRCREV is processed before accessing SRC_URIYoann Congal2023-12-221-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When SRCREV is used, call bb.fetch.get_srcrev() before accessing SRC_URI. Without this new bb.fetch.get_srcrev() call, SRC_URI might be accessed before SRCREV had a chance to be processed. In master, this is fixed by https://git.yoctoproject.org/poky/commit/?id=62afa02d01794376efab75623f42e7e08af08526 However, this commit is not suited for backport since it is quite invasive. The part of the commit that fix the bug is: --- a/meta/classes/externalsrc.bbclass +++ b/meta/classes/externalsrc.bbclass @@ -63,6 +63,7 @@ python () { else: d.setVar('B', '${WORKDIR}/${BPN}-${PV}') + bb.fetch.get_hashvalue(d) local_srcuri = [] fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d) for url in fetch.urls: NB: bb.fetch.get_hashvalue() does not exist in kirkstone but is equivalent to bb.fetch.get_srcrev(). Fixes [YOCTO #14918] (From OE-Core rev: f6563cca6c4bf627e904d81fbe5b0b0f2b16a107) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Suggested-by: Chris Wyse <chris.wyse@wysechoice.net> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* perl: update 5.34.1 -> 5.34.3Soumya Sambu2023-12-223-4/+4
| | | | | | | | | | | | This includes security fix for CVE-2023-47038 Changes: https://metacpan.org/release/PEVANS/perl-5.34.3/changes (From OE-Core rev: d1bc5fb1d090cf93b9014a050b418499c0209080) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssh: backport Debian patch for CVE-2023-48795Vijay Anusuri2023-12-223-0/+508
| | | | | | | | | | | | | | | | | | | import patches from ubuntu to fix fix-authorized-principals-command CVE-2023-48795 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/openssh/openssh-portable/commit/fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290 & https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5] Reference: https://ubuntu.com/security/CVE-2023-48795 (From OE-Core rev: df5dc8d67e67a2aebf1a552c3e22374e305270bf) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: Fix CVE-2023-39326Soumya Sambu2023-12-222-0/+183
| | | | | | | | | | | | | | | | | | | | | | | | A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. References: https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://security-tracker.debian.org/tracker/CVE-2023-39326 (From OE-Core rev: 448df3bb9277287dd8586987199223b7314fdd01) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix for CVE-2022-3965mark.yang2023-12-221-0/+1
| | | | | | | | | Without a CVE tag, It will be recognised as Unpatched by cve_check task. (From OE-Core rev: afc21d7fe86d26bf62e56fc611750f89fe73aa1a) Signed-off-by: mark.yang <mark.yang@lge.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix for CVE-2022-3964mark.yang2023-12-221-1/+1
| | | | | | | | | Without a CVE tag, It will be recognised as Unpatched by cve_check task. (From OE-Core rev: ce4ac3d167496d2f3a3029ef83dc418a0794c2fb) Signed-off-by: mark.yang <mark.yang@lge.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu: Fix CVE-2023-5088Sourav Pramanik2023-12-222-0/+113
| | | | | | | | | | | | | | | | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This change is to fix CVE-2023-5088. Link: https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e (From OE-Core rev: aa84c668bfe2436d36f49a422c775119e2412c8b) Signed-off-by: Sourav Pramanik <sourav.pramanik@kpit.com> Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: Fix CVE-2023-46218Poonam Jadhav2023-12-222-0/+53
| | | | | | | | | | | | Add patch to fix CVE-2023-46218 Link: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.88.1-8ubuntu2.4/curl_7.88.1-8ubuntu2.4.debian.tar.xz https://github.com/curl/curl/commit/2b0994c29a721c91c57 (From OE-Core rev: f27a93299f554e0bde610f70e6a042b4a24abf20) Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ghostscript: Backport fix for CVE-2023-46751Vijay Anusuri2023-12-222-0/+42
| | | | | | | | | Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a] (From OE-Core rev: f01a0e7fcf3c2d277be0cd85c0cd6b2eff2e5f0a) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: use working exampleMichael Opdenacker2023-12-211-4/+4
| | | | | | | (From yocto-docs rev: 7438d32b45b12b034a7d9c9e60b8e8c083ef85d3) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.15Lee Chee Yang2023-12-212-0/+190
| | | | | | | | (From yocto-docs rev: b6e13990229baa91d8b9b885848230d40cb9e045) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: runtime-testing: fix test module nameMichael Opdenacker2023-12-211-1/+1
| | | | | | | (From yocto-docs rev: 15a5a6de535db637abe15c24b6d6d9d1e0fb444e) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: brief-yoctoprojectqs: align variable order with default local.confSimone Weiß2023-12-211-2/+2
| | | | | | | | | | | | Align the order from `BB_SIGNATURE_HANDLER` to `SSTATE_MIRRORS` in Quick Build with the order in the default local conf. While trivial it is easier to find, if the order matches. (From yocto-docs rev: 2ab0bdc7ff74aaddd8a556046de3410300ba560a) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: add or improve hyperlinksMichael Opdenacker2023-12-212-32/+31
| | | | | | | (From yocto-docs rev: d6ea0c9c7713e265f5044548112f865348b21576) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: explicit or fix file pathsMichael Opdenacker2023-12-211-7/+5
| | | | | | | (From yocto-docs rev: f947a07350aaddb798a1348c3bd5e77faf3849e7) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: add links to python unittestMichael Opdenacker2023-12-211-12/+16
| | | | | | | | | | Better than using "python unittest" without any special formatting. (From yocto-docs rev: 544cc1f950445d2c103c9adfa9147af1513b7a14) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: resource updatesMichael Opdenacker2023-12-211-11/+9
| | | | | | | (From yocto-docs rev: 1a89f195eb7d9b16b481055c85632bf6524f777b) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: text and formatting fixesMichael Opdenacker2023-12-213-46/+52
| | | | | | | (From yocto-docs rev: 330092ae9e624cef0fb8494a0deab896fb1b9026) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: Discourage the use of SRC_URI[md5sum]Peter Kjellerstedt2023-12-212-12/+17
| | | | | | | | | | | | | | | SRC_URI[md5sum] has been deprecated for a long time. Discourage its use by removing it from examples and note that it should be replaced by SRC_URI[sha256sum] when updating recipes. Also mention that bitbake supports other checksums, though they are not commonly used. (From yocto-docs rev: fb5b87cf7322542896c269f404571a655ed6bf91) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: release 3.5 is actually 4.0Michael Opdenacker2023-12-213-3/+3
| | | | | | | (From yocto-docs rev: 3b09e8ab838d8b14fd259d17a6597ea43bf46578) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* docs: add CONVERSION_CMD definitionAatir Manzur2023-12-214-3/+16
| | | | | | | | (From yocto-docs rev: ba1458b04e2828e728c2815b1221e9399132d25d) Signed-off-by: Aatir Manzur <aatrapps@gmail.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* contributor-guide: fix command optionMichael Opdenacker2023-12-211-1/+1
| | | | | | | | | "--subject-prefix" applies to "git format-patch", not "git send-email" (From yocto-docs rev: cf3697cebc0494a624fa2766d07c3532ec6b4341) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* contributor-guide: add License-Update tagJustin Bronder2023-12-211-0/+12
| | | | | | | | | | | Porting from the old wiki https://www.openembedded.org/index.php?title=Commit_Patch_Message_Guidelines&oldid=10935#Describing_license_changes (From yocto-docs rev: 0ff60e3b3da409acff9599b1d511520051db0d37) Signed-off-by: Justin Bronder <jsbronder@cold-front.org> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: layers: update link to YP Compatible formMichael Opdenacker2023-12-211-2/+2
| | | | | | | | (From yocto-docs rev: 738ce45b65dd53643303784184c43a83faed344c) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reported-by: Megan Knight <megankn@amazon.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: releases.svg: update nanbield release statusMichael Opdenacker2023-12-211-16/+16
| | | | | | | | | | - nanbield is now released - update the start and end dates (From yocto-docs rev: 51f26829e89674c55471a6a077e5f49a97db84c3) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: fix URLMichael Opdenacker2023-12-211-2/+3
| | | | | | | | | | [YOCTO #15279] (From yocto-docs rev: 37d353e82d4ba5f3637720a754769b243c29980c) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reported-by: Steve Landherr <steve-yocto@chiquapin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: Fix reference to MIRRORS/PREMIRRORS defaultsPaul Barker2023-12-211-6/+4
| | | | | | | | | | | | | | After the following meta-yocto commits, MIRRORS & PREMIRRORS are no longer set in the poky distro config file: 67b79df4fbff ("poky.conf: remove redundant MIRRORS") 1b71a3b9418f ("poky: Drop PREMIRRORS entries for scms") (From yocto-docs rev: c7882126a75e8814764379d40bf56f39da5d3c19) Signed-off-by: Paul Barker <paul.barker.ct@bp.renesas.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: toastergui: verify that an existing layer path is givenMarta Rybczynska2023-12-211-6/+7
| | | | | | | | | | | | | | Verify that an existing layer path was given when adding a new layer. Manually using the shell for globbing is unnecessary, use the glob function instead for cleaner code. (Bitbake rev: de1cf0e31f3836a449cbd17490a2f6b6a86b17f9) Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revisionyocto-4.0.15kirkstone-4.0.15Steve Sakoman2023-12-151-1/+1
| | | | | | (From OE-Core rev: eea685e1caafd8e8121006d3f8b5d0b8a4f2a933) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 4.0.15Steve Sakoman2023-12-151-1/+1
| | | | | | (From meta-yocto rev: 77c2830ae0c3e7370f7c816796981932ba0ec99a) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssh: drop sudo from ptest dependenciesMikko Rapeli2023-12-152-2/+2
| | | | | | | | | | | | | | | | | The tests don't actually need sudo on core-image-ptest-openssh. Based on logs seen in https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 it seems that socket errors from sudo are creeping into stderr which are failing the banner ptest from openssh. Removing sudo should help removing the stderr messages and possibly cure the banner test failures. (From OE-Core rev: 47e754f483b674b207bfddcc8d4c5d9a3008e102) (From OE-Core rev: bce20153973ceff3ac9fc98b30e726aa6698d8ee) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: enable glx/opengl supportAlexander Kanavin2023-12-151-2/+4
| | | | | | | | | | | | | This is required by latest webkit when built with x11 support. (From OE-Core rev: 024edebf6f722ae4d05411be348730d9eeb3bd7c) (From OE-Core rev: 9fc0f0a15388af175bd53de5190801750064e60c) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: Backport fix for CVE-2023-5981Vijay Anusuri2023-12-152-0/+207
| | | | | | | | | | | | | Upstream-Status: Backport [import from debian https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/gnutls28/3.7.3-4ubuntu1.3/gnutls28_3.7.3-4ubuntu1.3.debian.tar.xz Upstream-Commit: https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d] References: https://ubuntu.com/security/CVE-2023-5981 (From OE-Core rev: 421b468cf48f0d2c493356f482d92e61e39d7e0e) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bluez5: fix CVE-2023-45866Archana Polampalli2023-12-152-0/+57
| | | | | | | | | | | | | | | | | | | | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports,potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45866 Upstream patches: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 (From OE-Core rev: f03cb448574a730d85ed6d80bb58561674005ede) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* avahi: backport CVE-2023-1981 & CVE's follow-up patchesVijay Anusuri2023-12-159-25/+256
| | | | | | | | | | | | | | | | | | | | | | | | | import patches from ubuntu to fix CVE-2023-1981 CVE-2023-38469-2 CVE-2023-38470-2 CVE-2023-38471-2 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f & https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237 & https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c & https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] Ref: https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/nanbield-nut&id=a9203c46cd64c3ec5e5b00e381bbac85733f85df (From OE-Core rev: 32c0a3dc4d65065639260e77783dc427d4b1cfe3) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Revert "kernel-fitImage: Strip path component from dtb"Steve Sakoman2023-12-141-5/+0
| | | | | | | | | | This change breaks arm64 (and likely mips & riscv) This reverts commit 9a42349a176ca4d7a1bfab3425a0821dbcbd9368. (From OE-Core rev: b77cd331199fa62e3b162f37efca3b927c68d8e5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* native: Clear TUNE_FEATURES/ABIEXTENSIONRichard Purdie2023-12-121-0/+2
| | | | | | | | | | | | | Some recipes reference these. Rather than continually trying to chase down the references and taskhash issues, clear the variables for an easier life and simpler code. These wouldn't convey anything useful in a native build. (From OE-Core rev: 09ecafaf0e128c4dea062d359de37cbef461aed2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f8edeead263708889d31a7ff578ef8274cb678b4) Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-cross: Simplfy the rust_gen_target callsRichard Purdie2023-12-122-18/+10
| | | | | | | | | | | | Match the code in rust-cross-canadian so that further simplifications can be considered in future. (From OE-Core rev: 9fb5f81f58306b2d355049698b6a17d045bd5e1e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5cb62d0a33777cb9afb1eea5f736a2580ce50dc7) Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-cross/rust-common: Merge arm target handling code to fix cross-canadianRichard Purdie2023-12-122-6/+7
| | | | | | | | | | | | | | | | rust-cross had special handling for armv7 targets but we also need this for cross-canadian. Merge the code into the main function so everything is consistent. Also then fix the arm definition to be arm-eabi since ABI is correctly being looked up. (From OE-Core rev: 0adada8111c17e8e5a7c32cef86bdb8e7dfd79d3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ff3c3dbbd2bf1bb7bb70b55cca203e9eedcf14a8) Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-cross-canadian: Fix ordering of target json config generationRichard Purdie2023-12-121-2/+3
| | | | | | | | | | | | | | Based upon a patch from Otavio Salvador <otavio@ossystems.com.br>, ensure the target json files are written in the correct order with the most specific last incase it overwrites earlier files if the prefixes match. (From OE-Core rev: d8c030ef90272e42a1697f5195f887d09878aa01) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1912c4e9e0ecf9655f3b3a41588b54d7956f5899) Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-common: Set llvm-target correctly for cross SDK targetsRichard Purdie2023-12-121-1/+5
| | | | | | | | | | | | | | | | | | | | | When a 'BUILD' target is requested we shouldn't be looking at TARGET_SYS but at BUILD_SYS. Due to the way rust mangles triplets, we need the HOST_SYS triplet to work with existing code - fixing that issue is a separate patch. Also drop the arch_abi argument, it doens't make any sense to a getVar() call and was a copy and paste error. Based on a patch from Otavio Salvador <otavio@ossystems.com.br> but separated out and tweaked. Fixes: bd36593ba3 ("rust-common: Drop LLVM_TARGET and simplify") (From OE-Core rev: cccbb8358be830b83a43fe1ff8a88932dee1c228) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d554161a045d12411f288394e253c54aa4c1257c) Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>