| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the ability to tag raw configuration fragments as "hardware",
there is a chance that badly behaved fragments throw warnings or
cause other issues that are not applicable during development (or
you understand the risk).
Allow kernel configuration audit to be skipped if KMETA_AUDIT is
not set (by default it is), to provide a flag for control over
auditing.
(From OE-Core rev: a39a1f7cf78ad1ca07438bce634a47e970f25047)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating the following commit:
Author: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Wed Oct 16 23:34:04 2024 -0400
spp: allow inputs to be tagged for audit
files can have a specifier "optional" or "required"
which follows the input file and is separated by a :
We need to adjust our routines to check for the
specifier and split it out accordingly.
(From OE-Core rev: d5881f4cf09f82b31e731fafa96ab9ad5f55b17d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When .scc files are used, a configuration fragment can be declared
as "hardware" (required) or "non-hardware" (optional).
By default the configuration audit only warns about hardware
options. We can extend that default level of auditing to configuration
fragments that are on the SRC_URI or in KERNEL_FEATURES by
adding the ability to put a specifier after the fragment.
i.e. KERNEL_FEATURES:append = 'hardening.config:required'
This is particular useful for fragments that are outside of
the kernel-cache (in a layer, in a kernel tree, etc)
(From OE-Core rev: 0a84a3dd00543adffdef4fcf5381faab2984541e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating the following commit:
Author: Paul Barker <paul@pbarker.dev>
Date: Wed Oct 2 10:01:29 2024 +0000
spp: Allow .config extension for config fragments
The config fragments present in the upstream Linux kernel use the
.config extension, for example arch/riscv/configs/32-bit.config or
kernel/configs/hardening.config.
To allow these to be easily used without having to copy or rename them,
extend spp to support both .cfg and .config file extensions.
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
(From OE-Core rev: 99e51028331ee80ac8b55652ab895636b8b39979)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[This is currently an RFC as it depends on a separate patch to add
support for config fragments with .config file extensions in
yocto-kernel-tools:
https://lists.yoctoproject.org/g/linux-yocto/message/14431]
In Linux 6.8, the in-tree rv32_defconfig file for 32-bit RISC-V support
was dropped in favour of a Makefile target which combines the RISC-V
defconfig with a config fragment '32-bit.config'. So to build for 32-bit
RISC-V using the in-tree configuration from an upstream kernel, we need
to be able to enable this 32-bit config fragment.
We can support this via KERNEL_FEATURES if we add the in-tree arch
config directory (arch/${ARCH}/configs) to the search path.
While we're here, let's also add the generic config directory
(kernel/configs) to the search path so in-tree config fragments such as
'hardening.config' can be used.
(From OE-Core rev: e4e50a9a93d606ba5fef8f10f1ec20deaed7ab9c)
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
bblock is a helper tool to lock/unlock tasks and recipes to specific
signatures. Add a documentation page for it.
(From yocto-docs rev: a082aa39840587d3af6c3f4a2c2747564ca37414)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Variables SIGGEN_LOCKEDSIGS, SIGGEN_LOCKEDSIGS_TASKSIG_CHECK and
SIGGEN_LOCKEDSIGS_TYPES are used to lock specific tasks to specific
signatures. They are used by bitbake -S <lockedsigs> and bblock, so add
documentation for them.
(From yocto-docs rev: 32e3995bed2836f549866ec3b8ad254bdda37dbf)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add sstate as an accepted word to avoid errors when runnign make
stylecheck.
(From yocto-docs rev: 1c50726296e876747ea3f862729e953f025ce619)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make sphinx-lint runs sphinx-lint on the whole documentation which can be
long and reports a lot or errors/warnings. Let's add a new
SHPINXLINTDOCS variable to allow specifying a subset, just as VALEDOCS
does. Keep variable assignment aligned and also use $(SOURCEDIR) by
default for SPHINXLINTDOCS and VALEDOCS variables.
Also update the README file and fix a typo in Link checking section
title.
(From yocto-docs rev: 3dfe7b5c746af31de74f67cf88214e5d52bdb65d)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Tested-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
make stylecheck runs Vale on the whole documentation which can be long
and reports a lot of errors/warnings. We can run Vale on a subset using
the VALEDOCS variable, so update documentation to highlight it.
(From yocto-docs rev: 262237f72534c983e178231cb6839ed69709c443)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Tested-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: bb472a7000672ce836573c3f2d3baf42cca01546)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of Sphinx already define a :cve: role that points to
cve.org, instead of the role we defined in conf.py that points to
nvd.nist.gov.
Rename our role to :cve_nist: to avoid warnings (treated as errors).
This is also backwards compatible, meaning we can build the doc with an
older Sphinx if needed.
The file were automatically replaced with following command:
find . -name '*.rst' -exec sed -i 's/:cve:/:cve_nist:/g' {} \+
Suggested-By: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 15fa3b7e85dde50d7236c1738ad607531cc654b8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
debug-tweaks is vague and doesn't give any indication that the root user
can login over SSH without a password. This behaviour is incredibly
dangerous if used unwittingly, so discourage it by using the underlying
features explicitly to spell out exactly what is being done.
This is not the complete set of features that debug-tweaks enables,
but I don't think we need to enable serial-autologin-root or
post-install-logging by default.
(From meta-yocto rev: 96d453fd54e10d02a603d40536f0ac22f5da6961)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I was surprised to realise our buildtools doesn't support IPv6 which breaks
usage in our own autobuilder, let alone anywhere else.
Enable ipv6 in our SDKs and enable acl/xattr as well before we have the same
kind of issues with those, these features are now common on most linux systems
and we should be defaulting to including them.
(From OE-Core rev: e86686cbdbaf5368fae0a490d52a043f8ed4fa0f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
debug-tweaks is vague and doesn't give any indication that the root user
can login over SSH without a password. This behaviour is incredibly
dangerous if used unwittingly, so discourage it by using the underlying
features explicitly to spell out exactly what is being done.
(From OE-Core rev: 83cd8b5ca4544e9b19c110035276e5de2ebe7404)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
There's no need for the SDK images to explicitly list debug-tweaks, this
is typically added via EXTRA_IMAGE_FEATURES when needed.
(From OE-Core rev: f23eae893837f91dd9dfe027a2209c34c6845bbf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assigning IMAGE_FEATURES="" in local.conf doesn't actually do anything
useful, as bitbake.conf has IMAGE_FEATURES += EXTRA_IMAGE_FEATURES after
the include of local.conf.
In this test case, this results in IMAGE_FEATURES still using
EXTRA_IMAGE_FEATURES, so the image contains the files installed by the
post-install-logging feature.
As the intention here is that container-test-image is as minimal as
possible, move the IMAGE_FEATURES assignment into the image itself so
it actually works, and update the expected file list to remove the
post-install-logging files.
(From OE-Core rev: c65349e1238ddc6634dfa4759c57e6168a355200)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Sort the recipe into a more traditional order, and remove a duplicated
DEPENDS on libyaml.
(From OE-Core rev: 11739d4419b790c798ba9f2d2ef0086a8c39271d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove patches already merged by upstream:
0001-support-include-junction.h-Define-macros-for-musl.patch
0001-support-junction-path.c-Fix-build-for-musl.patch
* Add PACKAGECONFIG[nfsdctl]
(From OE-Core rev: 2dda60516bc6be173d299c44aab92f096fd960c3)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Includes security fix CVE-2024-9632
Ref: https://lists.x.org/archives/xorg/2024-October/061766.html
(From OE-Core rev: 3fdc716d1260b4a92a46cfd2059ce044447f9172)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.
In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:
recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
Fix this stripping `-pipe` from the command line used to determine
compiler internals.
(From OE-Core rev: 34fa8230163e5ed1c6668bf800c45a173c6490ca)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since [0], the reproducibility test tries to save logs of failed builds.
Using the memory persistent bitbake prevent this by concatenating logs in the
single persistent instance (See [YOCTO #15641]).
So, force a BitBake server restart for each build to ensure a new log
file is created.
This fixes this error (seen on AB [1]):
2024-11-02 08:16:00,816 - oe-selftest - ERROR - reproducibleA build failed. Trying to compute built packages differences but the test will fail.
2024-11-02 08:16:00,819 - oe-selftest - INFO - ... ERROR
2024-11-02 08:16:00,819 - oe-selftest - INFO - Traceback (most recent call last):
File "/srv/pokybuild/yocto-worker/reproducible-meta-oe/build/meta/lib/oeqa/selftest/cases/reproducible.py", line 321, in test_reproducible_builds
self.copy_file(variables["BB_CONSOLELOG"], os.path.join(save_dir, "bitbake-%s.log" % name))
File "/srv/pokybuild/yocto-worker/reproducible-meta-oe/build/meta/lib/oeqa/selftest/cases/reproducible.py", line 216, in copy_file
shutil.copyfile(source, dest)
File "/usr/lib/python3.11/shutil.py", line 256, in copyfile
with open(src, 'rb') as fsrc:
^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/srv/pokybuild/yocto-worker/reproducible-meta-oe/build/build/build-st-meta-python/build-st/tmp/log/cooker/qemux86-64/20241102071141.log'
[0]: https://git.openembedded.org/openembedded-core/commit/?id=c78cc753843d4199443052e8deb0c9c3b7e4b580
[1]: https://valkyrie.yoctoproject.org/#/builders/87/builds/17/steps/40/logs/stdio
(From OE-Core rev: e89bbc00ba16574d719b199c01ffbf37646f4f54)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dropped two patches which are now merged upstream.
Added one new patch to resolve a build error when using musl.
Changelog
* Fix issue with handling address type while pairing.
* Add support for allowing to set A2DP transport delay.
* Add support for persistent userspace HID operation.
* Add support for handling syncing to multiple BISes.
(From OE-Core rev: 52d4168f66dd3c4d68e63c8ee17d186b4bdd0e55)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Includes security fix CVE-2024-9632
Ref: https://lists.x.org/archives/xorg/2024-October/061765.html
(From OE-Core rev: 957ba32bc6fdffd3a796a04ba222fae6cd673f7e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport 3 patches [1][2][3] for gdatetime test to fix the ptest failure.
[1] https://github.com/GNOME/glib/commit/c0619f08e6c608fd6464d2f0c6970ef0bbfb9ecf
[2] https://github.com/GNOME/glib/commit/30e9cfa5733003cd1079e0e9e8a4bff1a191171a
[3] https://github.com/GNOME/glib/commit/fe2699369f79981dcf913af4cfd98b342b84a9c1
(From OE-Core rev: 0c8f87d5d4ec9f286b1e85d114cb9a728c1ff64b)
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: b84b29b1827624270cc1698feda2ee87d55c01e4)
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lz4c has been considered deprecated by upstream since at least 2018 [1]
and has been disabled by default recently [2]. openSUSE Tumbleweed is
no longer packaging the deprecated version and others will likely
follow.
Luckily, we're not using any legacy-specific options and, going back as
far as Ubuntu 16.04/Fedora 25, both lz4 and lz4cli are installed as part
of the same package
1. https://github.com/lz4/lz4/pull/553
2. https://github.com/lz4/lz4/pull/1479
(Bitbake rev: 907472034b344e4eb73cfd43059a413469f52e1c)
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
So that we can compare the different pn-buildlist easily.
(Bitbake rev: 529043117a7c62feb45bc891658a412cc8dd7e3f)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find_library API depends on platform to provide ldconfig, ld, gcc, objdump
etc, so either we add these dependencies or avoid them by computing the
libarchive library name during build, which we can be done.
This ensures that ffi module works with musl as well as glibc equally
as musl does not provide ldconfig like glibc does
(From OE-Core rev: db350fa7c3c33956fb652eef8aefebaf18ead841)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently weston 13.0.3 with neatvnc 0.8.1 does not compile when using
VNC:
| Dependency neatvnc found: NO found 0.8.1 but need: '< 0.8.0' ;
matched: '>= 0.7.0'
However weston upstream already increased the allowed version to 0.9.0,
since neatvnc 0.8.0 does not introduce any changes that breaks API used
by the VNC backend. Therefore, backport this patch.
(From OE-Core rev: 8516496018a3ee9e81a67d4682bf9784d0eab2bd)
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Qualcomm QCS6490 is a modemless variant of the QCM6490 platform. These
two platforms share most of the firmware binaries (except the IPA one).
Rather than providing complete packages, include compat symlinks into
qcom-qcm6490 firmware packages and add RPROVIDES to let other layers /
configurations use qcs6490 names to install qcm6490 packages.
(From OE-Core rev: 7f02df4eeab69d3254bd7cfd3e2ced7ff0375091)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add the ${PN}-qcom-qcm6490-ipa firmware package, containing the
ipa_fws.mbn, the firmware for the onboard IPA core.
(From OE-Core rev: d29ddafab782d8a8a8383ea0124b44fee7277062)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adreno A663 requires two files to function: one is a663_gmu.bin,
provided by the ${PN}-qcom-adreno-a663 package, another one is
a660_sqe.fw, provided by the ${PN}-qcom-adreno-a660 package.
Make the ${PN}-qcom-adreno-a663 depend on -a660, so that the platforms
requiring A663 firmware don't have to care about the details and can
simply require the A663 firmware package.
Fixes: 02dec6af254c ("linux-firmware: Add qcom-adreno-a663 package")
(From OE-Core rev: 26db3e9d3627d45097371e39ef5b43e479e34119)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adreno zap.mbn files are platform-specific. As such they shouldn't be a
part of the generic ${PN}-qcom-adreno-aNNN packages. Move it to the
${PN}-qcom-sa8775p-adreno package.
Fixes: 02dec6af254c ("linux-firmware: Add qcom-adreno-a663 package")
(From OE-Core rev: 5280c01f93a7c8cf2ca7996965377fc10d24027e)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adreno zap.mbn files are platform-specific. As such they shouldn't be a
part of the generic ${PN}-qcom-adreno-aNNN packages. Move it to the
${PN}-qcom-qcm6490-adreno package.
Fixes: 6026fdda9021 ("linux-firmware: add new fw file to ${PN}-qcom-adreno-a660")
(From OE-Core rev: af95f7e3d9db9b8a1b2f503f6c6ff14bebaeb583)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The battmgr.jsn file describes one of the services provided by the audio
DSP. Add it to the ${PN}-qcom-qcom6490-audio package (for the reference,
see the ${PN}-qcom-sc8280xp-lenovo-x13s-audio package, which also
incorporates corresponding battmgr.jsn file.
Fixes: 1d421fa263bc ("linux-firmware: Add qcom-qcm6490-{audio,compute} firmware packages")
(From OE-Core rev: 57da7cbf63acff744beb2b01e5847b62a9fc350d)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(Bitbake rev: d8a044351dea6c9e324a8e00dd1aa6f2b606fec6)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Explicitly enable pam support, otherwise it goes into
detection mode and ends up poking at build host
Turn openssl into packageconfig as well
cc1: warning: include location "/usr/include" is unsafe for cross-compilation [-Wpoison-system-directories]
conftest.c: In function 'main':
conftest.c:68:1: warning: argument 1 null where non-null expected [-Wnonnull]
68 | pam_authenticate(NULL, 0);
| ^~~~~~~~~~~~~~~~
In file included from conftest.c:63:
/usr/include/security/pam_appl.h:38:1: note: in a call to function 'pam_authenticate' declared 'nonnull'
38 | pam_authenticate(pam_handle_t *pamh, int flags);
| ^~~~~~~~~~~~~~~~
(From OE-Core rev: 9b0c69a0bac18627cc6190f64bf9cabc518e4777)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 01cf0498e0cf10c0d1545e75ca873c2f3157f13d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: da088a6517fe3434b9f75af9685fed0bd57561c6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
runCmd by default merges stderr into stdout, and only
needs to print stdout when errors occur. When stderr
is requested as a separate stream, and an error occurs,
stderr is discarded, obscuring useful error messages.
This changes the output to include both streams.
(From OE-Core rev: 72c747b37ccdd486ddae06e3d0a99fb2b93643ba)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
makedumpfile is not compatible with mipsarcho32 and riscv32, so set for
kexec-tools accordingly.
And update packagegroup-core-tools-testapps too.
(From OE-Core rev: 9107d9c09c7dab385c6034778cefadca3613be9c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add wic-tools to the PATH to avoid failures when running the
wic_sector_size test case on a build host that doesn’t have parted.
(From OE-Core rev: 013dcdf75669421bc38d699263cb1e8d5b95d398)
Signed-off-by: Vince Chang <vince_chang@aspeedtech.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The wic test case previously used '2>/dev/null' to suppress error
messages. This commit updates the code to use 'stderr=subprocess.PIPE'
when calling runCmd().
Refer:
https://lists.openembedded.org/g/openembedded-core/topic/109308684
(From OE-Core rev: bd26d999a0ba1107ee5629a8e238f4fe945e9be5)
Signed-off-by: Vince Chang <vince_chang@aspeedtech.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The list of valid statuses (`upstream_status_literal_valid_status`) was
missing "Inactive-Upstream", which caused patchtest to fail the test
test_patch.TestPatch.test_upstream_status_presence_format for patches
containing lines like:
+Upstream-Status: Inactive-Upstream [lastrelease: 2013 lastcommit: 2013]
with the error:
FAIL: test Upstream-Status presence: Upstream-Status is in incorrect format (test_patch.TestPatch.test_upstream_status_presence_format)
"Inactive-Upstream" is documented in the Yocto Project and OpenEmbedded
Contributor Guide [1]:
Inactive-Upstream [lastcommit: when (and/or) lastrelease: when]
The upstream is no longer available. This typically means a
defunct project where no activity has happened for a long time —
measured in years. To make that judgement, it is recommended to
look at not only when the last release happened, but also when
the last commit happened, and whether newly made bug reports and
merge requests since that time receive no reaction. It is also
recommended to add to the patch description any relevant links
where the inactivity can be clearly seen.
`upstream_status_nonliteral_valid_status` only seems to be used in
logging and the value was copied verbatim from the aforementioned
documentation.
After this change all upstream status options documented in [1] are
covered.
[1] https://docs.yoctoproject.org/5.0.3/contributor-guide/recipe-style-guide.html#patch-upstream-status
(From OE-Core rev: a39e6e6854b60fd10f21c6c3f1e7d676e12ba9ee)
Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
perf record can use zstd when available to provide on the fly
compression.
(From OE-Core rev: 1db5bc41e6c672a0c2ac104ee52dfdfe66ac67cd)
Signed-off-by: Alexander Hirsch <alexander.hirsch@gin.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When CPE is not provided and character ":" is in cve status description,
current code takes only last part of split function.
This works only if there is no ":" in description, otherwise it drops
the other split parts.
Do a new split of the original string to take the whole description unchanged.
This fixes following entries from world build of poky+meta-oe+meta-python:
tiff-4.6.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2015-7313
CVE_STATUS: fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
description: //security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
corrected: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
gnupg-2.5.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2022-3219
CVE_STATUS: upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
description: //dev.gnupg.org/T5993
corrected: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35325
CVE_STATUS: upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
description: //github.com/yaml/libyaml/issues/303
corrected: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35326
CVE_STATUS: upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
description: //github.com/yaml/libyaml/issues/302
corrected: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35328
CVE_STATUS: upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
description: //github.com/yaml/libyaml/issues/302
corrected: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
cpio-2.15-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2023-7216
CVE_STATUS: disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
description: //lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
corrected: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
openssh-9.9p1-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2023-51767
CVE_STATUS: upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
description: //bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
corrected: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
cups-2.4.10-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2021-25317
CVE_STATUS: not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply.
description: root, so this doesn't apply.
corrected: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply.
unzip-1_6.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2008-0888
CVE_STATUS: fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
description: //bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
corrected: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
syslog-ng-4.7.0-r0 do_cve_check: CVE_STATUS with 6 parts for CVE-2022-38725
CVE_STATUS: cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
description: syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
corrected: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
(From OE-Core rev: cc33dd9176726cb4b2d2f142ed1bc655da8e0a9f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct maxsplit parameter from 5 to 4 to not drop text if
description contains ":".
Example:
>>> "detail: cpe:vendor:product:description:cont".split(':', 5)
['detail', ' cpe', 'vendor', 'product', 'description', 'xxx']
>>> "detail: cpe:vendor:product:description:cont".split(':', 4)
['detail', ' cpe', 'vendor', 'product', 'description:xxx']
(From OE-Core rev: 3c4d8ca41ac0b429af92bf0ea84f1dfd0cda9e1f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
0001-scripts-dtc-pylibfdt-libfdt.i_shipped-Use-SWIG_Appen.patch is now
applied in U-Boot upstream.
Update the Upstream-Status accordingly.
(From OE-Core rev: 718f97d90b13c190e2b1852447764c31464ebdf1)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Swig has changed language specific AppendOutput functions. The helper
macro SWIG_AppendOutput remains unchanged. Use that instead
of SWIG_Python_AppendOutput, which would require an extra parameter
since swig 4.3.0.
(From OE-Core rev: 4eae7888e91c7c864bf490dee38716267be6202e)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
