| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
* Feature: support for rx-flow-hash gtp (-N)
* Feature: support for RSS input transformation (-X)
* Fix: typo in coalescing output (-c)
* Fix: document all debugging flags in man page
(From OE-Core rev: 302bbd0fdb1b41ec98e281cacbb77a54ce8d689d)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Provide references for how the SRCREV was arrived at for the 20240203
release.
(From OE-Core rev: 6916cdb0f05f6644edb1e432a9421595abb9f0ca)
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix following error:
File "/usr/lib64/rt-tests/ptest/./rt_bmark.py", line 287, in run_cyclictest_once
m = rex.search(line)
^^^^^^^^^^^^^^^^
TypeError: cannot use a string pattern on a bytes-like object
(From OE-Core rev: c5108da4009ccd3dfc92632171d6bc4dae4507db)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This is open yet but seems to be disputed
(From OE-Core rev: 4cba8ad405b1728afda3873f99ac88711ab85644)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Those were removed quite some time ago:
- perms: 5da7ad1a483d0840a9a2e3b95fa62a1901be73f2
- split-strip: bcc03ea19e103f6aa93bada2f49fcc5cc7bc0790
- (compile|install)-host-path: a67e9ebfd5b8002fd4a7d8d27ff0d997817f76e1
(From OE-Core rev: 068d3821430734132c3eb70fd95461e0917fd1e8)
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'codegen-units' option split the crate into multiple compilation units for parallel compilation. Currently, this split is causing the rustdoc to generate differnt binary between the builds.
To fix this the codegen-units & the lto options are disabled.
More info about options:
https://doc.rust-lang.org/cargo/reference/profiles.html#codegen-units
https://doc.rust-lang.org/rustc/codegen-options/index.html#lto
(From OE-Core rev: 0c00875de10b171f4ff2990af351a8124ec7e972)
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tarball SPDX manifests
Currently, "tarball" sdk based recipes don't generate SPDX manifests as they
don't include the rootfs generation classes. Split the SPDX 3.0 image class into
two so the SDK components can be included where needed.
To do this, introduce an SDK_CLASSES variable similar to IMAGE_CLASSES which
the SDK code can use.
Migrate testsdk usage to this.
Also move the image/sdk spdx classes to classes-recipe rather than the general classes
directory since they'd never be included on a global level.
For buildtools-tarball, it has its own testsdk functions so disable the class there as
a deferred inherit would overwrite it.
(From OE-Core rev: 662396533177b72cc1d83e95841b27f7e42dcb20)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"
(From OE-Core rev: 92a9710ec88c8729fa3d83baa2e63dd74d95cdf8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Newlib generally requires additional components to function. Skip the
cases where newlib is known to not work.
(From OE-Core rev: b9934755554e40d9980b90c3d541f4c702203561)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This CVE status should have been removed on version update.
CPE says >=2.34 and <2.39 while our version is already 2.40.
(From OE-Core rev: b568a8f428e76f75bb8c374983f62822325ebe8a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Whilst bmaptool has a pyproject.toml that uses poetry, the setuptools
build path appears to be more complete. Upstream has moved to hatch and
removed setup.py entirely so the next release can drop this.
(From OE-Core rev: 824009560776933922a92a00c2199c28c9c8379c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream has a pyproject.toml but it's marked as experimental and does
not currently work at all with the meson-python release we currently
have.
(From OE-Core rev: a09ad3838a00d2b4781850759ca857822ba330e1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Enable the new pep517-backend warning from setuptools3, initially as a
warning so as not to break builds straight away.
(From OE-Core rev: 27597d986ad7b3a6c2d36150a163951be7c640f1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some recipes use setuptools3 but should be using a PEP517-compliant
backend, be it the setuptools itself via python_setuptools_build_meta or
an alternative backend such as flit/hatch/poetry.
As we can't currently assume Python 3.11 on the build host we need to
parse the pyproject.toml manually, but this should be sufficient for the
limited parsing needed.
This task emits a QA error if a build backend is set, and can be ignored
by using INSANE_SKIP if needed.
[ YOCTO #14736 ]
(From OE-Core rev: a9d800f6cdfcedbe3de8366d935ee5f0c8557c06)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- drop the CVE-2024-6387 [backported patch]
- drop systemd notify [backported patch]
- fix musl build [backported patch]
- fix ptest regression [submited patch]
- sshd now had the sshd-session
Release notes at https://www.openssh.com/txt/release-9.8
Security
========
This release contains fixes for two security problems, one critical
and one minor.
1) Race condition in sshd(8)
A critical vulnerability in sshd(8) was present in Portable OpenSSH
versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary
code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to be
possible but has not been demonstrated at this time. It's likely that
these attacks will be improved upon.
Exploitation on non-glibc systems is conceivable but has not been
examined. Systems that lack ASLR or users of downstream Linux
distributions that have modified OpenSSH to disable per-connection
ASLR re-randomisation (yes - this is a thing, no - we don't
understand why) may potentially have an easier path to exploitation.
OpenBSD is not vulnerable.
We thank the Qualys Security Advisory Team for discovering, reporting
and demonstrating exploitability of this problem, and for providing
detailed feedback on additional mitigation measures.
2) Logic error in ssh(1) ObscureKeystrokeTiming
In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an
OpenSSH server version 9.5 or later, a logic error in the ssh(1)
ObscureKeystrokeTiming feature (on by default) rendered this feature
ineffective - a passive observer could still detect which network
packets contained real keystrokes when the countermeasure was active
because both fake and real keystroke packets were being sent
unconditionally.
This bug was found by Philippos Giavridis and also independently by
Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford of the
University of Cambridge Computer Lab.
Worse, the unconditional sending of both fake and real keystroke
packets broke another long-standing timing attack mitigation. Since
OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for
traffic received on TTYs in echo-off mode, such as when entering a
password into su(8) or sudo(8). This bug rendered these fake
keystroke echoes ineffective and could allow a passive observer of
a SSH session to once again detect when echo was off and obtain
fairly limited timing information about keystrokes in this situation
(20ms granularity by default).
This additional implication of the bug was identified by Jacky Wei
En Kung, Daniel Hugenroth and Alastair Beresford and we thank them
for their detailed analysis.
This bug does not affect connections when ObscureKeystrokeTiming
was disabled or sessions where no TTY was requested.
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025. This release disables DSA by default at compile time.
DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.
This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.
This release, and its deactivation of DSA by default at compile-time,
marks the second step in our timeline to finally deprecate DSA. The
final step of removing DSA support entirely is planned for the first
OpenSSH release of 2025.
DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.
Potentially-incompatible changes
--------------------------------
* all: as mentioned above, the DSA signature algorithm is now
disabled at compile time.
* sshd(8): the server will now block client addresses that
repeatedly fail authentication, repeatedly connect without ever
completing authentication or that crash the server. See the
discussion of PerSourcePenalties below for more information.
Operators of servers that accept connections from many users, or
servers that accept connections from addresses behind NAT or
proxies may need to consider these settings.
* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
* sshd(8): several log messages have changed. In particular, some
log messages will be tagged with as originating from a process
named "sshd-session" rather than "sshd".
* ssh-keyscan(1): this tool previously emitted comment lines
containing the hostname and SSH protocol banner to standard error.
This release now emits them to standard output, but adds a new
"-q" flag to silence them altogether.
* sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
as the PAM service name. A new "PAMServiceName" sshd_config(5)
directive allows selecting the service name at runtime. This
defaults to "sshd". bz2101
* (portable OpenSSH only) Automatically-generated files, such as
configure, config.h.in, etc will now be checked in to the portable
OpenSSH git release branch (e.g. V_9_8). This should ensure that
the contents of the signed release branch exactly match the
contents of the signed release tarball.
Changes since OpenSSH 9.7
=========================
This release contains mostly bugfixes.
New features
------------
* sshd(8): as described above, sshd(8) will now penalise client
addresses that, for various reasons, do not successfully complete
authentication. This feature is controlled by a new sshd_config(5)
PerSourcePenalties option and is on by default.
sshd(8) will now identify situations where the session did not
authenticate as expected. These conditions include when the client
repeatedly attempted authentication unsucessfully (possibly
indicating an attack against one or more accounts, e.g. password
guessing), or when client behaviour caused sshd to crash (possibly
indicating attempts to exploit bugs in sshd).
When such a condition is observed, sshd will record a penalty of
some duration (e.g. 30 seconds) against the client's address. If
this time is above a minimum configurable threshold, then all
connections from the client address will be refused (along with any
others in the same PerSourceNetBlockSize CIDR range) until the
penalty expire.
Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. Address ranges may be
fully exempted from penalties, e.g. to guarantee access from a set
of trusted management addresses, using the new sshd_config(5)
PerSourcePenaltyExemptList option.
We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself. This option is enabled by default.
* ssh(8): allow the HostkeyAlgorithms directive to disable the
implicit fallback from certificate host key to plain host keys.
Bugfixes
--------
* misc: fix a number of inaccuracies in the PROTOCOL.*
documentation files. GHPR430 GHPR487
* all: switch to strtonum(3) for more robust integer parsing in most
places.
* ssh(1), sshd(8): correctly restore sigprocmask around ppoll()
* ssh-keysign(8): stricter validation of messaging socket fd GHPR492
* sftp(1): flush stdout after writing "sftp>" prompt when not using
editline. GHPR480
* sftp-server(8): fix home-directory extension implementation, it
previously always returned the current user's home directory
contrary to the spec. GHPR477
* ssh-keyscan(1): do not close stdin to prevent error messages when
stdin is read multiple times. E.g.
echo localhost | ssh-keyscan -f - -f -
* regression tests: fix rekey test that was testing the same KEX
algorithm repeatedly instead of testing all of them. bz3692
* ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
documentation, especially around what is supported vs available.
bz3701.
Portability
-----------
* sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
unconditionally. The previous behaviour was to expose it only when
particular authentication methods were in use.
* build: fix OpenSSL ED25519 support detection. An incorrect function
signature in configure.ac previously prevented enabling the recently
added support for ED25519 private keys in PEM PKCS8 format.
* ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
environment variable to enable SSH_ASKPASS, similarly to the X11
DISPLAY environment variable. GHPR479
* build: improve detection of the -fzero-call-used-regs compiler
flag. bz3673.
* build: relax OpenSSL version check to accept all OpenSSL 3.x
versions.
* sshd(8): add support for notifying systemd on server listen and
reload, using a standalone implementation that doesn't depend on
libsystemd. bz2641
(From OE-Core rev: 4e2834f67d32894d1cac5fc9ac5234816765245e)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Drop our sd-notify patch and switch to the upstream standalone
implementation that does not depend on libsystemd.
(From OE-Core rev: 07522f85a987b673b0a3c98690c3c17ab0c4b608)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 1a2fef1d70c8083e65325dfa8a5cae7d8443951b)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation uses the append operator to include
GLIBC_64BIT_TIME_FLAGS in TARGET_CC_ARCH, but it places the space in
the GLIBC_64BIT_TIME_FLAGS assignment in order to avoid a 'spurious
space' when the value is empty.
68b50d3 time64: Remove leading whitespace from GLIBC_64BIT_TIME_FLAGS
The problem with this is it requires anyone wishing to assign a value
to GLIBC_64BIT_TIME_FLAGS to add the leading space, otherwise this is
the error:
cc1: error: '-Werror=format-security-D_TIME_BITS=64': no option '-Wformat-security-D_TIME_BITS=64'
Add a new constant variable to capture the value needed for the 32-bit
special case, including the space.
(From OE-Core rev: e8177827f92e71c80c5b63453d8bbd1defbe1fbc)
Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a create-spdx-* classes is processing documents, it needs to
find the document in a path that is related to the SSTATE_ARCH
when a packge is generated. The SSTATE_ARCH can be affected by
multilib configurations, resulting is something like armv8a-mlib.
When the image (or SDK) is being generated and the components are
collected, the system has no knowledge of the multilib arch and
will fail to find it, such as:
ERROR: meta-toolchain-1.0-r0 do_populate_sdk: No SPDX file found
for package libilp32-libgcc-dbg,
False sstate:libilp32-libgcc:armv8a-ilp32-mllibilp32-elf:14.1.0:r0:armv8a-ilp32:12:
sstate:libilp32-libgcc::14.1.0:r0::12:
Adding in the new SPDX_MULTILIB_SSTATE_ARCHS will provide a full
set of SSTATE_ARCHS including ones that contain the multilib
extension which will allow create-spdx-* to correctly find the
document it is looking for. This would also be valuable to any
other function doing a similar search through SSTATE_ARCH that may
have been extended with multilib configurations.
(From OE-Core rev: f1499c36c1054fc90f7b7268cc95285f2eca72f7)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Same change as previously made to the create-spdx-2.2.bbclass,
while debugsrc is almost always a file (or link), there are apparently
cases where a directory could be returned from the dwarfsrcfiles
processing. When this happens, the hashing fails and an error results
when building the SPDX documents.
(From OE-Core rev: 5262f9bbf86c4e529ff988d465ddad2d1db0b073)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enables usage of TCLIBC=picolibc extending OE functionality to build and use
picolibc based toolchains to build baremetal applications.
Picolibc is a set of standard C libraries, both libc and libm, designed for
smaller embedded systems with limited ROM and RAM. Picolibc includes code
from Newlib and AVR Libc, but adresses some of newlibs concerns, it retains
newlibs directory structure, math, string and locale implementations, but
removed the GPL bits used to build the library, swiches old C style code for
C18 and replaces autotools with meson.
This patch adds a picolibc recipe for the C library, a picolibc-helloworld
recipe that contains an example application and a testcase that builds it.
Picolibc can be built for ARM and RISCV architectures, its been tested both
for 32 and 64 bits, the provided example recipe produces the following output:
hello, world
Runqemu does not automatically show any output since it hides QEMU stderr which
is where the QEMU monitors output is directed to when using semihosting, but,
manually running the same QEMU command does work properly.
(From OE-Core rev: c7535ecaccb72ef21a61f9aec5c68e61fb4f6fb6)
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian
Trixie (testing).
(From OE-Core rev: ce19168885a04b0d77e81c1fd1c4262b195a47d4)
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 4b15fd105f8f84f55f1da1724a0ea2f06a88c4b5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: df1e2e5bbf675f2b2582179fe28b25b840bb4790)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 5beb30cdf389490aa00f63a1c377680deb747bbc)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
There's no need to mark these RDEPENDS as target-only.
(From OE-Core rev: 8b2332c355d603027e965e9a6a5045f9eb1f024c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Sort the entries for OCD reasons.
(From OE-Core rev: ca34cbec26baca91689e205a43787745db2caedb)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Also re-arrange the recipe to match conventional order.
(From OE-Core rev: 8083d5d1732d805a2172ae6df1d2ae51c476f9cf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: ffdea890710aa11ab819bb7d23e18a5f01447292)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This module can be used as a wrapper around unittest, so depend on that.
Don't also depend on pytest as that's a much larger dependency, and
in ptest images we want as little pulled in as possible.
(From OE-Core rev: 98343c8fa3572ccd04964c988d55cd31f2ad8d9f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If EXTERNAL_KERNEL_DEVICETREE and dtb_image_sect are empty variables
dtb_path ends up as "/" which is available on most Unix systems but
probably not the dtb_path which is needed here. Checking for a file
makes more sense and also solves the issue with the "/".
(From OE-Core rev: c8f629b6991449cc6726f48a607d9e1bd50807ee)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
white space changes only.
- python part should be 4 spaces, not 8.
- use tabs for shell
(From OE-Core rev: 000079a973e8c97d496ca721259437880a7ea70d)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes a memory corruption issue when iptables (with
enabled PACKAGECONFIG libnftnl) is used to access rules created by
nft.
To reproduce the issue:
nft add chain ip filter TESTCHAIN { meta mark set 123 \;}
iptables -t filter -n -L TESTCHAIN
This produced the following output:
Chain TESTCHAIN (0 references)
target prot opt source destination
MARK 0 -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x7b
malloc(): corrupted top size
Aborted (core dumped)
This commit fixes this issue.
(From OE-Core rev: 461d6333dabacdc181c91f31a8dd4ad6682cc0e4)
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
https://lists.gnu.org/archive/html/info-gnu/2024-06/msg00004.html
License-Update:
-Add 3-clause BSD license for poly1305-amd64-avx512.S.
-cipher/Makefile.am: Add 'poly1305-amd64-avx512.S'.
-cipher/poly1305-amd64-avx512.S: New.
-cipher/poly1305-internal.h (POLY1305_USE_AVX512): New.
-Add 'cipher/keccak-amd64-avx512.S'.
-Update license docs for FSF new address and update gcrypt.texi.
Apart from upgrade also refreshed the patches like
0001-libgcrypt-fix-m4-file-for-oe-core.patch
0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
no-bench-slope.patch
In 0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
reverted back the change in cipher/Makefile.am related to o_flag_munging
(From OE-Core rev: aa50e6bc8dcb3f5870e1fa285ec5ab997a7a59cf)
Signed-off-by: simit.ghane <simit.ghane@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2.80.0 - March 14, 2024
=======================
- Mark plugin functions as exports on Windows (!250, Amyspark)
- Updated translations
2.80.rc - February 29, 2024
===========================
- GnuTLS: fix improper use of IP address in SNI extension (!247, MARTINSONS Frederic)
- GnuTLS: major performance improvement: reduce unnecessary trust list creation (!249)
- OpenSSL: properly handle BIO_CTRL_EOF (!248)
- Updated translations
2.80.alpha - January 5, 2024
============================
- GnuTLS: Add warning when system has no trusted certificates (!243)
- OpenSSL: Fix bug when populating trust store (!244, Alessandro Bono)
- Fix license on dtls-connection.c test (!245, David King)
- Updated translations
As exposed by the warning when there are no trusted certificates, we should
RDEPEND on ca-certificates if either of the crypto backends are enabled
so that cryptography is usable.
(From OE-Core rev: 0e52a74bcf08cfdd879c74bff9b241a5007c7ef5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This package is split into two recipes, one of the actual C library and
one for the Python bindings.
- Move common inherits into the common .inc.
- Clean up install in the python recipe
- Remove obsolete setuptools dependency
- Remove obsolete explicit .debug packaging
- Update homepage as freecode.com redirects to the top of SourceForge
(From OE-Core rev: 0ccd7429aabfe5c1c9246477acf1af84a147715c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These dependencies are only used in development:
- attrs
- setuptools
These dependencies are obsolete:
- atomicwrites removed 7.2.0
- importlib-metadata removed in 5.1.0
- more-itertools removed 6.1.0
- pathlib2 removed 6.2.2
- py removed in 7.2
- six removed in 5.0.0
- wcwidth removed in 6.0.0
This removals now means that python3-xml has to be added explicitly.
(From OE-Core rev: 0aee9aa7b70667fefe898f6a9019a82b004da391)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: af136ae469f051f584e8953cc45224b7a2b7df98)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Install the test suite and run it in core-image-ptest-fast.
(From OE-Core rev: 579675d773f52c877e50aafc59b5571ac5d6a0ba)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 901e43978eb2cb36f7da52b11319ff5ead084098)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
yamlint appears to have never used setuptools-scm, so remove the
dependency.
(From OE-Core rev: c3b51900326dbadb83b3853419f5c92bac12ba50)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: 4baa8e36e1ee788ed3f66a0546498e892cd69b83)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: 02e635a898b209ed023ad41e9a09b7807d327d0e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: 1deca862432ddca0d10a712f7bf159816d0ae130)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
We have Python 3.11+ so setuptools-scm can use tomllib.
(From OE-Core rev: 5c8a0a26d3f63d90bc97eec4b115d51dfb1b3995)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: c3943c81f22f8dce2f279e91b0fd516fa3e8e408)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: 9cf6a9c261b3c01402c511a2a9b4a9fda33b6e8e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
Also remove the redundant RUAMEL_NO_PIP_INSTALL_CHECK assignment, this
is checked by setup.py which is no longer ran.
(From OE-Core rev: eb7519a542e207911a0419c79cb3aa1d08e3e742)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: b0bd0940fc776914614b8a442f32b1661db0361f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: a32fa3e64d1daf5846c29403e9f258aea42212d3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
