diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2022-03-30 19:27:02 +0300 |
|---|---|---|
| committer | Andrew Geissler <andrew@geissonator.com> | 2022-04-01 17:11:17 +0300 |
| commit | 9aee50030142f0352e48fd0b14b3aab4e7efa158 (patch) | |
| tree | fbf0826ccb09575fca84ce810e59cc6d09c8ca32 /meta-security | |
| parent | 7e0e3c0c6a2cd4e76ebca17ed16a37155992025e (diff) | |
| download | openbmc-9aee50030142f0352e48fd0b14b3aab4e7efa158.tar.xz | |
subtree updates march 30 2022
meta-raspberrypi: e39a0a570c..c06ae5eacf:
Andrei Gherzan (7):
linux-raspberrypi: linux-raspberrypi: Bump 5.10 to 5.10.95
linux-raspberrypi: linux-raspberrypi: Bump 5.15 revision
raspberrypi-firmware.inc: Move to using tarballs from rpi deb repo
rpi-base.inc: Cleanup redundant imgtyp variable
sdcard_image-rpi.bbclass: Use processed list of device trees
docs: Update www.raspberrypi.com documentation links
linux-raspberrypi: Bump 5.15 recipe to 5.15.30
Khem Raj (10):
python3-adafruit-circuitpython-register: Define PIP_INSTALL_PACKAGE
python3-adafruit-pureio: Fix build with wheel
python3-rtimu: Port to using setuptools and fix build with wheel
python3-adafruit-platformdetect: Fix build with wheel
linux-raspberrypi_5.15.bb: Upgrade to 5.15.25
rpi-gpio: Port to PEP-517 packaging
linux-raspberrypi_5.15.bb: Update to 5.15.26
linux-raspberrypi: Update to 5.15.27
python: Unbolt wheel packaging PIP_INSTALL_PACKAGE band-aids
linux-raspberrypi: Update to 5.15.28
Matthias Klein (1):
u-boot: always set fdt_addr with firmware-provided FDT address
meta-security: 6cc8dde794..da93339112:
Akshay Bhat (1):
meta-security-isafw: Fixes to work with oe-core master
Armin Kuster (16):
README.md: fix typo
packagegroup-security-tpm: Fix QA Error
apparmor: update to 3.0.4
layer.conf: enable apparmor for qemu machine
parsec-service: Only enable TPM is layer and DISTRO_FEATURE is defined.
python3-privacyidea: fix QA ERROR
python3-privacyidea: update to 3.6.2
openscap-daemon: fix wheels and License issues.
swtpm: update to 0.7.1
libtpm: update to 0.9.2
ima-evm-keys: don't use lnr
tpm-tools: Fix pod2man race
tpm2-tss: fix user perms
python3-fail2ban: fix SPDX license.
python3-privacyidea: drop old package ref.
kas-security-alt: drop rust layer
Ashish Sharma (1):
Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3
meta-openembedded: cf0ed42391..9a52bfc4a6:
Adrian Freihofer (6):
networkmanager: switch to meson
networkmanager: new configure options
libqrtr-glib: add new recipe
libqmi: switch to meson and git
modemmanager: update 1.16.8 -> 1.18.6
networkmanager: replace deprecated licenses
Alejandro Enedino Hernandez Samaniego (1):
meta-python: Clean up recipes and classes that were moved to oe-core
Andreas Müller (3):
vlc: upgrade 3.0.12 -> 3.0.17-1 to fix build with ffmpeg5
gnome-tweaks: Fix build on latest meson
gnome-shell-extensions: Fix build with latest meson
Andrej Valek (1):
nodejs: add option to use openssl legacy providers again
Anu Deepthika, Nandipati (2):
usbguard: Add inital recipe
usbguard: package simplification
Armin Kuster (1):
pw-am.sh: update to new patcwork system
Carlos Rafael Giani (1):
libopenmpt: Upgrade to version 0.6.2
Changqing Li (1):
hstr: add new recipe
Christian Eggers (3):
libiio: update to version 0.23
boost-sml: 1.1.4+git --> 1.1.5
graphviz: don't clear PACKAGECONFIG for nativesdk
Daniel Gomez (5):
python3-flask-versioned: Fix PYPA_WHEEL name
v4l-utils: Update 1.20.0 -> 1.22.1
opencl-icd-loader: Update 2020.12.18 -> v2022.01.04
opencl-headers: Update v2020.12.18 -> v2022.01.04
opencl-clhpp: Update 2.0.15 -> 2.0.16
Jeremy A. Puhlman (1):
nspr-native: fix ubuntu 18.04 builds using system gcc.
Jeremy Puhlman (1):
nspr-native: build correclty with extended buildtools.
Jiaqing Zhao (2):
libesmtp: bump 1.0.6 -> 1.1.0
esmtp: fix libesmtp dependency check
Julian Haller (1):
nlohmann-json: Set CVE_PRODUCT according to NVD
Justin Bronder (17):
python3-crc32c: add 2.2.post0
python3-feedformatter: drop recipe
python3-coloredlogs: fix location of coloredlogs.pth
python3-bitarray: switch to setuptools
python3-kivy: fix wheel build
python3-astor: fix wheel build
python3-crcmod: use setuptools instead of distutils
python3-gcovr: fix wheel build
python3-prctl: fix wheel build
python3-ntplib: pull from PyPI
python3-lrparsing: use setuptools instead of distutils
python3-configshell-fb: set PIP_INSTALL_PACKAGE
python3-pyscaffold: fix wheel build and license
python3-pyserial-asyncio: add 0.6
python3-pymodbus: add 2.5.3
python3-asyncinotify: add 2.0.2
python3-pymodbus: add asyncio to package config
Kai Kang (9):
cairomm: correct SRC_URI
networkmanager: fix installed-vs-shipped error
python3-pydot: add recipe
python3-blivet: use setuptools_legacy
Revert "python3-ipy: drop recipe"
wxwidgets: fix libdir for multilib
wxwidgets: fix install errors
graphviz: 2.44.1 -> 2.50.0
graphviz: add pkg_postinst script
Kas User (1):
netdata: added enable/disable cloud config.
Khem Raj (131):
python3-apt: Point PYPA_WHEEL to custom location
python3-pycups: Inherit setuptools_build_meta
python3-anyjson: Drop recipe
Revert "python3-twofish: drop recipe"
cxxtest: Define PIP_INSTALL_DIST_PATH
sanlock: Fix build with wheels on
guider: Set PYPA_WHEEL
unattended-upgrades: Migrate to use wheels
python3-scapy: Define custom PYPA_WHEEL
python3-termcolor: Use setuptools instead of distutils
cyrus-sasl: Fix ptest builds
bluepy: Define custom PYPA_WHEEL
ufw: Upgrade to 0.36.1 bugfix release
catfish: Fix wheel build
menulibre: Inherit distutils3
onboard: Inherit setuptools3-base instead of setuptools3
python3-xmodem: Move docs to /usr/share/doc
python3-blivet: Upgrade to 3.4.3
python3-pytest-runner: Define PIP_INSTALL_PACKAGE
python3-setuptools-rust-native: Define PIP_INSTALL_PACKAGE
python3-dateutil: Define PIP_INSTALL_PACKAGE
python3-poetry-core: Define PIP_INSTALL_PACKAGE
python3-keras-applications: Define PIP_INSTALL_PACKAGE
python3-pymetno: Define PIP_INSTALL_PACKAGE
python3-cson: Define PIP_INSTALL_PACKAGE
python3-dbussy: Define PIP_INSTALL_PACKAGE
python3-txws: Define PIP_INSTALL_PACKAGE
python3-aws-iot-device-sdk-python: Upgrade to 1.5.0
python3-blivetgui: Upgrade to 2.3.0
python3-blivet: Adjust install location for binaries and systemd units
python3-slip-dbus: Fix build with wheel packaging
xfce4-terminal: Add missing gtk-doc dependency
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
recipes: Update LICENSE variable to use SPDX license identifiers
unattended-upgrades: Inherit setuptools3_legacy
menulibre: Inherit setuptools3_legacy
libbpf: Enable builds for riscv64
pcp: Enable check for x11 distro feature
gfbgraph: Check for x11 distro feature
gedit: Fix REQUIRED_DISTRO_FEATURES to not overwrite x11
thunar-shares-plugin: Check for x11 in distro features
tepl: Check for x11 in distro features
geary: Check for x11 in distro features
packagegroup-xfce-multimedia: Check for x11 distro feature
fbida: Fix build when x11 is not enabled in distro features
python3-crc32c: set target platform via setup.cfg
python3-pyruvate: Fix build on riscv32
libdc1394: Change dependency from virtual/libgl to virtual/egl
boinc-client: Depend on virtual/egl instead of virtual/libgl
libsdl2-ttf: Change depenendency from virtual/libgl to virtual/egl
Revert "python3-smbus: fix wheel build"
catfish: Do not set PYPA_WHEEL
libcereal: Disable Werror with ptests
ttf-vlgothic: Specify accurate BSD license type
pcp: Upgrade to 5.3.6
pcp: Do not search headers on build host during cross compile
libcereal: Link libatomics on mips for ptests
nodejs: Disable for powerpc
gimp: Disable vector icons on ppc
capnproto: Link in libatomic on ppc
rocksdb: Use new atomic builtins on powerpc as well
fwts: Upgrade to 22.01.00
fwts: Do not use --as-needed on ppc64
python3-poetry-core: Setting PIP_INSTALL_PACKAGE is no longer needed
python3-grpcio, python3-grpcio-tools: Upgrade to 1.44.0
packagegroup-meta-python: Do not exclude python3-grpcio python3-grpcio-tools for ppc64
python3-pyrad: Change poetry bbclass inherit to match oe-core
python3-bcrypt: Remove
python3-psutil: Remove
abseil: Upgrade to 20211102.0 LTS release
python3-kiwisolver: Upgrade to 1.4.0
python3-pyruvate: Update libc to 0.2.120
python3-chardet: Remove
python3-pytest-runner: Remove
php: Fix build on rv32/musl
recipes: Adjust for renaming flit_core -> python_flit_core
libgphoto: Fix build with libtool 2.4.7
monit: Fix build with libtool 2.4.7
uim: Fix build with libtool 2.4.7
libbpf: Enable on ppc64
librdkafka: Use CMAKE_INSTALL_LIBDIR
liburing: Define libdir based on environment variable
http-parser: Define LIBDIR
msgpack-cpp: Upgrade to 4.1.1 release
weechat: Define LIBDIR
json-schema-validator: Use GNUInstallDirs in cmake
redis-plus-plus: Use GNUInstallDirs in cmake
libiec61850: Use GNUInstallDirs in cmake
paho-mqtt-cpp: Use CMAKE_INSTALL_LIBDIR in cmake
sqlite-orm: Define cmake variable defaults
duktape: Upgrade to 2.7.0
cockpit: Package missing nonarch_libdir
unattended-upgrades: Package nonarch_libdir for systemd files
fsverity-utils: Define LIBDIR
luaposix: Fix INST_LIBDIR to honor libdir var
uml-utilities: Define LIB_DIR to be libdir relative
libsquish: Define LIBDIR knob
io-compress-lzma-perl,io-compress-perl: Do not mark allarch
luajit: Upgrade to latest on v2.1 branch
libcppkafka: Use CMAKE_INSTALL_LIBDIR instead of hardcoding lib
lvgl,lv-lib-png,lv-drivers: Pass libdir via LIB_INSTALL_DIR to cmake
geany-plugins: Do not overwrite OE's pkg-config env
io-compress-lzma-perl, io-compress-perl: Rename to use debian names
projucer: Upgrade to 6.1.6
grpc: Enable cpp plugin for target version too
sysdig: Upgrade to 0.28.0
libsquish: Fix build when libdir != 'lib'
valijson: move out of hard dep on meta-networking
mariadb: Add missing dependency on lzo
mariadb: Enable openSSL and use as default SSL option
mariadb: Align atomic ops to help clang on x86
folks: Upgrade to 0.15.5
geary: Fix build failures with latest vala
netdata: Fix override separator syntax
iniparser: Update to latest tip of trunk
ndctl: Upgrade to v73
rocksdb: Exclude on ppc/musl
gsl: Disable on musl/ppc
a2jmidid: Fix build on ppc/musl
abseil-cpp: Fix ppc/musl patch
gperftools: Disable cpu profiles for ppc/musl
pmdk: Fix build with newer ndctl
duktape: Use baselib to construct LIBDIR
Leon Anavi (10):
python3-prettytable: Upgrade 2.4.0 -> 3.1.1
python3-transitions: Upgrade 0.8.10 -> 0.8.11
python3-charset-normalizer: Upgrade 2.0.10 -> 2.0.12
python3-semantic-version: Upgrade 2.8.5 -> 2.9.0
python3-networkx: Upgrade 2.6.3 -> 2.7
python3-h11: Upgrade 0.12.0 -> 0.13.0
python3-humanize: Upgrade 3.14.0 -> 4.0.0
python3-typed-ast: Upgrade 1.4.3 -> 1.5.2
python3-bandit: Upgrade 1.7.2 -> 1.7.4
xbindkeys: Add recipe
Macpaul Lin (1):
android-tools: adb: add u3 ss descriptor support
Markus Volk (6):
gjs: update; customize dependencies
gnome-disk-utility: disable build of man pages
evolution-data-server: update to v3.43.1
libvdpau: allow to build native and nativesdk
crossguid: update
blueman: update; add missing RDEPENDS
Matthias Klein (1):
python3-smbus: fix wheel build
Mikko Rapeli (2):
polkit: add patches for CVE-2021-4034 and CVE-2021-4115
polkit: switch from mozjs to duktape javascript engine
Mingli Yu (4):
gosu: add new recipe
redis: remove fuzz warning
libcereal: add ptest support
mariadb: Upgrade to 10.7.3
Peter Bergin (1):
wireplumber: backport fix for default device setting
Peter Kjellerstedt (1):
net-snmp: Avoid running `make clean` as it may fail
Preeti Sachan (1):
live555: Fix rdepends of live555-dev
Radovan Scasny (1):
proftpd: update to 1.3.7c
Randy MacLeod (7):
libyang: update from 2.0.7 to 2.0.164
iperf3: upgrade from 3.9 to 3.11
syslog-ng: update from 3.31.2 to 3.26.1
mcelog: update from 175 to 180
haveged: update from 1.9.14 to 1.9.17
pv: update from 1.6.6 to 1.6.20
edac-utils: update to latest git head
Richard Hughes (1):
fwupd: New release
Robert Joslyn (2):
hwdata: Update to 0.357
stunnel: Update to 5.63
Ross Burton (23):
layer.conf: change layer priority to match oe-core
ufw: port to setuptools, use setuptools_legacy
unattended-upgrades: remove PYPA_WHEEL
python3-blivetgui: use setuptools_legacy
python3-meh: fix HOMEPAGE
python3-meh: use setuptools_legacy
python3-poetry-core: self-bootstrap
poetry-core: clean up class
python3-pystache: remove, unmaintained
python3-configparser: remove, not needed for Python 3
python3-backports-functional-lru-cache: remove, not needed for Python 3
python3-pyzmq: clean up recipe
python3-pycurl: fix DEPENDS
python3-twisted: remove empty PN-src and PN-dbg
python3-pylint: upgrade to 2.12.2
meta-python: migrate away from setuptool3 where possible
packagegroup-meta-python: add poetry-core and unattended-upgrade
meta-*: remove obsolete PYPA_WHEEL and PIP_INSTALL_PACKAGE assignments
poetry_core: update for renamed class pip_install_wheel to python_pep517
sanlock: update patch status
Update for setuptools_build_meta renamed to python_setuptools_build_meta
python3-lz4: use system lz4 library
python3-lz4: add ptest
S. Lockwood-Childs (2):
gyp: fix for compatibility with Python 3.10 (part 2)
devmem2: patches have been upstreamed
Samuli Piippo (3):
python3-path: add recipe
python3-antlr4-runtime: add recipe
python3-qface: add recipe
Scott Murray (13):
python3-babel: Remove
python3-certifi: Remove
python3-ndg-httpsclient: Remove
python3-pyasn1: Remove
python3-pyopenssl: Remove
python3-pysocks: Remove
python3-requests: Remove
python3-urllib3: Remove
mpd: upgrade to 0.23.6
libmpdclient: upgrade to 2.20
mpc: upgrade to 0.34
ncmpc: upgrade to 0.46
polkit: Fix build with libtool 2.4.7
Stefan Herbrechtsmeier (4):
grpc: Remove runtime dependency between grpc and protobuf-compiler
spdlog: remove header-only leftover
nginx: add gunzip PACKAGECONFIG
openldap: correct slapd systemd service support
Theodore A. Roth (1):
python3-marshmallow: fix wheel build
Tim Orling (40):
python3-setuptools-rust-native: fix wheel build
python3-cryptography: fix wheel build
python3-pyruvate: fix wheel build
python3-backcall: inherit flit_core
python3-distutils-extra; merge inc, fix wheel build
python3-ptyprocess: inherit flit_core
python3-pyserial: also remove /usr/bin/__pycache__
python3-twisted: also ship Twisted-*.dist-info
python3-pillow: fix wheel build
python3-xlrd: fix wheel build
python3-pykickstart: fix wheel build
python3-twofish: drop recipe
python3-monotonic: fix wheel build
python3-geomet: fix wheel build
python3-pako: remove duplicate LICENSE
python3-configobj: backport patch for setuptools
python3-systemd: patch to use setuptools
python3-twofish: patch to use setuptools
python3-sdnotify: patch to use setuptools
python3-pynetlinux: patch to use setuptools
python3-pyiface: upgrade to latest git
python3-meh: patch to use setuptools
distutils*.bbclass: move from oe-core
python3-ipy: drop recipe
python3-poetry-core: add v1.0.8
python3-dnspython: inherit poetry_core
python3-pkgconfig: inherit poetry_core
python3-iso8601: inherit poetry_core
python3-rsa: inherit poetry_core
python3-isort: inherit poetry_core
python3-pymisp: inherit poetry_core
python3-aiofiles: inherit poetry_core
poetry_core: add helper class
python3-iso8601: move to oe-core
python3-ply: move to oe-core
python3-poetry-core: move to oe-core
python3-pretend: move to oe-core
python3-pytest-subtests: move to oe-core
python3-pytz: move to oe-core
packagegroup-meta-python: drop recipes moved to core
Tom Hochstein (1):
python3-pybind11: Override pip install variables
Trevor Gamblin (9):
python3-django: upgrade 3.2.11 -> 3.2.12
python3-django: upgrade 4.0.1 -> 4.0.2
python3-pytest-lazy-fixture: add recipe
python3-prettytable: add python3-pytest-lazy-fixture to ptest RDEPENDS
packagegroup-meta-python: add python3-pytest-lazy-fixture
grpc: upgrade 1.41.1 -> 1.45.0
python3-protobuf: upgrade 3.19.3 -> 3.19.4
python3-h5py: upgrade 3.5.0 -> 3.6.0
python3-paramiko: upgrade 2.9.2 -> 2.10.3
Vyacheslav Yurkov (1):
sdbus-c++: disable code generation tools
Wang Mingyu (81):
python3-websockets: upgrade 10.1 -> 10.2
python3-websocket-client: upgrade 1.2.3 -> 1.3.1
python3-xlsxwriter: upgrade 3.0.2 -> 3.0.3
python3-socketio: upgrade 5.5.1 -> 5.5.2
python3-sentry-sdk: upgrade 1.5.3 -> 1.5.6
babl: upgrade 0.1.88 -> 0.1.90
gegl: upgrade 0.4.34 -> 0.4.36
cyrus-sasl: upgrade 2.1.27 -> 2.1.28
networkmanager: upgrade 1.34.0 -> 1.36.0
bats: upgrade 1.5.0 -> 1.6.0
cukinia: upgrade 0.5.1 -> 0.6.0
iwd: upgrade 1.24 -> 1.25
freerdp: upgrade 2.5.0 -> 2.6.0
openconnect: upgrade 8.10 -> 8.20
libcereal: upgrade 1.3.1 -> 1.3.2
poco: upgrade 1.11.0 -> 1.11.1
poppler: upgrade 22.02.0 -> 22.03.0
smartmontools: upgrade 7.2 -> 7.3
python3-autobahn: upgrade 22.1.1 -> 22.2.2
python3-cheetah: upgrade 3.2.6.post1 -> 3.2.6.post2
python3-django: upgrade 2.2.26 -> 2.2.27
python3-httplib2: upgrade 0.20.2- > 0.20.4
python3-icu: upgrade 2.8 -> 2.8.1
python3-jsonrpcserver: upgrade 5.0.3 -> 5.0.6
python3-lxml: upgrade 4.7.1 -> 4.8.0
python3-pyscaffold: upgrade 4.1.4 -> 4.1.5
python3-redis: upgrade 4.1.1 -> 4.1.4
python3-scrypt: upgrade 0.8.19 -> 0.8.20
python3-tqdm: upgrade 4.62.3 -> 4.63.0
python3-twisted: upgrade 22.1.0 -> 22.2.0
python3-waitress: upgrade 2.0.0 -> 2.1.0
python3-astroid: upgrade 2.9.3 -> 2.10.0
python3-bitarray: upgrade 2.3.7 -> 2.4.0
python3-aws-iot-device-sdk-python: upgrade 1.5.0-> 1.5.1
python3-imageio: upgrade 2.16.0 -> 2.16.1
python3-python-vlc: upgrade 3.0.12118 -> 3.0.16120
python3-pymisp: upgrade 2.4.152 -> 2.4.155.1
python3-networkx: upgrade 2.7 -> 2.7.1
python3-pychromecast: upgrade 10.2.3 -> 10.3.0
smbnetfs: upgrade 0.6.1 -> 0.6.3
python3-astroid: upgrade 2.10.0 -> 2.11.0
python3-bitstruct: upgrade 8.12.1 -> 8.13.0
python3-cppy: upgrade 1.1.0 -> 1.2.0
python3-dnspython: upgrade 2.2.0 -> 2.2.1
libiec61850: upgrade 1.5.0 -> 1.5.1
evince: upgrade 41.3 -> 41.4
networkmanager-openvpn: upgrade 1.8.16 -> 1.8.18
networkmanager: upgrade 1.36.0 -> 1.36.2
weechat: upgrade 3.4 -> 3.4.1
freerdp: upgrade 2.6.0 -> 2.6.1
libvdpau: upgrade 1.4 -> 1.5
python3-itsdangerous: upgrade 2.1.0 -> 2.1.1
python3-jsonrpcserver: upgrade 5.0.6 -> 5.0.7
gjs: upgrade 1.71.1 -> 1.72.0
gvfs: upgrade 1.49.1 -> 1.50.0
nautilus: upgrade 41.2 -> 42.0
gnome-disk-utility: upgrade 41.0 -> 42.0
gnome-photos: upgrade 40.0 -> 42.0
gnome-system-monitor: upgrade 41.0 -> 42.0
metacity: upgrade 3.42.0 -> 3.44.0
graphene: upgrade 1.10.6 -> 1.10.8
libpeas: upgrade 1.30.0 -> 1.32.0
php: upgrade 8.1.3 -> 8.1.4
iwd: upgrade 1.25 -> 1.26
libgsf: upgrade 1.14.48 -> 1.14.49
libjcat: upgrade 0.1.10 -> 0.1.11
libqb: upgrade 2.0.4 -> 2.0.6
libwacom: upgrade 2.1.0 -> 2.2.0
stm32flash: upgrade 0.6 -> 0.7
babl: upgrade 0.1.90 -> 0.1.92
libxmlb: upgrade 0.3.7 -> 0.3.8
monit: upgrade 5.31.0 -> 5.32.0
python3-astroid: upgrade 2.11.0 -> 2.11.2
python3-autobahn: upgrade 22.2.2 -> 22.3.2
python3-pylint: upgrade 2.12.2 -> 2.13.2
python3-pymisp: upgrade 2.4.155.1 -> 2.4.157
python3-redis: upgrade 4.1.4 -> 4.2.0
python3-robotframework: upgrade 4.1.3 -> 5.0
python3-tqdm: upgrade 4.63.0 -> 4.63.1
python3-watchdog: upgrade 2.1.6 -> 2.1.7
python3-pytest-metadata: upgrade 1.11.0 -> 2.0.1
Xu Huan (18):
python3-lz4: upgrade 3.1.10 -> 4.0.0
python3-mccabe: upgrade 0.6.1 -> 0.7.0
python3-pillow: upgrade 9.0.0 -> 9.0.1
python3-snappy upgrade 0.6.0 -> 0.6.1
python3-twine: upgrade 3.7.1 -> 3.8.0
python3-xxhash: upgrade 2.0.2 -> 3.0.0
python3-txaio: upgrade 21.2.1 -> 22.2.1
python3-regex :upgrade 2021.11.10 -> 2022.3.2
python3-pywbemtools: upgrade 0.9.1 -> 1.0.0
python3-pymongo: upgrade 4.0.1 -> 4.0.2
python3-wrapt: upgrade 1.13.3 -> 1.14.0
python3-sqlalchemy: upgrade 1.4.31 -> 1.4.32
python3-sentry-sdk: upgrade 1.5.6 -> 1.5.7
python3-alembic: upgrade 1.7.6 -> 1.7.7
python3-arpeggio: upgrade 1.10.2 -> 2.0.0
python3-cachetools: upgrade 4.2.4 -> 5.0.0
python3-cantools: upgrade 37.0.1 -> 37.0.7
python3-intervals: upgrade 1.10.0.post1 -> 1.10.0
Yi Zhao (5):
netplan: fix parallel build failure
nftables: upgrade 1.0.1 -> 1.0.2
postfix: upgrade 3.6.4 -> 3.6.5
dhcp-relay: upgrade 4.4.2p1 -> 4.4.3
apache2: upgrade 2.4.52 -> 2.4.53
Zoltán Böszörményi (1):
nodejs: Upgrade to 16.14.0
wangmy (3):
python3-waitress: upgrade 2.1.0 -> 2.1.1
openvpn: upgrade 2.5.5 -> 2.5.6
rrdtool: upgrade 1.7.2 -> 1.8.0
poky: 49168f5d55..5fe3689f4f:
Ahmad Fatoum (1):
kernel-fitimage: allow overriding FIT configuration prefix
Alejandro Hernandez Samaniego (1):
initramfs-framework: Add overlayroot module
Alexander Kanavin (36):
sstate: do not add TARGET_ARCH to pkgarch for cross recipes.
OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests
libsndfile1: correct upstream version check
libarchive: correct upstream version check
glslang/spirv: synchronize with the rest of vulkan items
rust: update 1.58.1 -> 1.59.0
librsvg: update 2.52.5 -> 2.52.6
xwayland: update 21.1.4 -> 22.1.0
apt: upgrade 2.2.4 -> 2.4.0
kea: upgrade 2.0.1 -> 2.0.2
python3-cython: upgrade 0.29.27 -> 0.29.28
diffoscope: upgrade 204 -> 206
harfbuzz: upgrade 3.4.0 -> 4.0.0
libsecret: upgrade 0.20.4 -> 0.20.5
vulkan: upgrade 1.3.204.0 -> 1.3.204.1
mmc-utils: upgrade to latest revision
webkitgtk: upgrade 2.34.5 -> 2.34.6
openssh: update 8.8 -> 8.9
sysklogd: nobranch in SRC_URI is no longer necessary
libuv: fix upstream version check
bind: all even versions now get long term maintenance windows
dbus-test: merge into main dbus recipe
dbus: merge dbus.inc into the recipe
dbus: update 1.12.22 -> 1.14.0
python3-semantic-version: fix upstream verison check
python3-typing-extensions: fix upstream version check
bind: update 9.16.26 -> 9.18.1
perl-cross: update 1.3.6 -> 1.3.7
perl: update 5.34.0 -> 5.34.1
diffoscope: upgrade 206 -> 207
gtk+3: upgrade 3.24.31 -> 3.24.33
squashfs-tools: correct upstream version check
meson: upgrade 0.61.2 -> 0.61.3
mtools: upgrade 4.0.37 -> 4.0.38
sqlite3: upgrade 3.38.0 -> 3.38.1
python3-sphinx-rtd-theme: correct upstream version check
Alexandre Belloni (1):
scripts/patchreview: handle Inactive-Upstream status
Andrew Jeffery (5):
rust: Introduce arch_to_rust_arch()
rust: Introduce RUST_BUILD_ARCH
rust: Add snapshot checksums for powerpc64le
ipk: Import re in manifest module
ipk: Decode byte data to string in manifest handling
Bill Pittman (1):
wic: Use custom kernel path if provided
Bruce Ashfield (19):
linux-yocto/5.15: riscv64: drop MAXPHYSMEM_128GB
linux-yocto/5.10: features/zram: remove CONFIG_ZRAM_DEF_COMP
linux-yocto/5.15: update to v5.15.24
linux-yocto/5.10: update to v5.10.101
linux-yocto/5.10: Fix ramoops/ftrace
linux-yocto/5.15: arm defconfig fixes
linux-yocto/5.15: update to v5.15.26
linux-yocto/5.10: update to v5.10.103
linux-yocto/5.15: riscv32: drop MAXPHYSMEM_1GB
linux-yocto: nohz_full boot arg fix
linux-yocto/5.10: split vtpm for more granular inclusion
linux-yocto/5.15: split vtpm for more granular inclusion
linux-yocto/5.10: cfg/debug: add configs for kcsan
linux-yocto/5.15: cfg/debug: add configs for kcsan
linux-yocto/5.15: update to v5.15.27
linux-yocto-rt/5.15: update to -rt34
linux-yocto-rt/5.10: update to -rt61
linux-yocto/5.15: update to v5.15.30
linux-yocto/5.10: update to v5.10.107
Carlos Rafael Giani (1):
libsdl2: Add libunwind-native to the libsdl2-native DEPENDS
Changhyeok Bae (2):
repo: upgrade 2.21 -> 2.22
mobile-broadband-provider-info: upgrade 20210805 -> 20220315
Chen Qi (1):
multilib_global.bbclass: fix setting preferred version for canadian recipes
Christian Eggers (7):
license: expand_wildcard_licenses: add AGPL-3.0* wildcard
ref-manual: INCOMPATIBLE_LICENSE: use new license wildcards
glib-2.0: upgrade 2.70.4 -> 2.72.0
rust-common: override RUST_LIBC for crosssdk
machine-sdk: clear ABIEXTENSION for class-crosssdk
rust-crosssdk: use ${RUST_LIBC} in ${PN}
librsvg: reenable nativesdk
Claudius Heine (4):
overlayfs: add systemd unit path prefix to FILES:${PN} array
overlayfs-etc: add condition to package-management feature conflict
files: overlayfs-etc: wrap long lines of preinit file
files: overlayfs-etc: add overlay mount options to preinit
Daniel Gomez (1):
bitbake: contrib: Add Dockerfile for building PR service
Daniel Wagenknecht (4):
copy_buildsystem: allow more layer paths
bitbake: fetch2: ssh: username and password are optional
bitbake: fetch2: ssh: fix path handling
bitbake: fetch2: ssh: support checkstatus
David Reyna (4):
bitbake: toaster: Add 'Kirkstone', 'Honister', and 'Hardknott'. Remove 'Dunfell' and 'Gatesgarth'.
bitbake: toaster: automation to generate fixture files
bitbake: toaster: detect when bitbake crashed
bitbake: toaster: race condition for end-of-build
Diego Sueiro (1):
grub-efi: Add option to include all available modules
Joe Slater (5):
zip: modify when match.S is built
weston: require wayland as a distro feature
expect: modify fixline1 script
weston: use same distro features for weston and westion-init
libxml2: fix CVE-2022-23308 regression
Jose Quaresma (18):
icecc.bbclass: enable networking in all tasks
buildhistory.bbclass: create the buildhistory directory when needed
Revert "cmake.bbclass: Set CXXFLAGS and CFLAGS"
sstate: inside the threadedpool don't write to the shared localdata
gstreamer1.0-plugins-base: libgst is already defined on PACKAGES_DYNAMIC
gstreamer1.0-plugins-packaging: rename variables
gstreamer1.0-plugins-bad/ugly: use the GPL-2.0-or-later only when it is in use
gstreamer1.0: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-plugins-base: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-plugins-good: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-plugins-bad: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-plugins-ugly: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-libav: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-omx: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-vaapi: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-rtsp-server: upgrade 1.20.0 -> 1.20.1
gstreamer1.0-python: upgrade 1.20.0 -> 1.20.1
gst-devtools: upgrade 1.20.0 -> 1.20.1
Kai Kang (1):
python3-pyparsing: rdepends on python3-html
Kamil Dziezyk (1):
libacpi: Build libacpi also for 'aarch64' machines
Khem Raj (42):
musl: Update to latest master
libical: Pass TOOLCHAIN_OPTIONS via CFLAGS
libical: Do not set CC explicitly for gir compiler
insane: Accomodate llvm-objdump
systemtap: Enable for riscv64
packagegroup-core-tools-profile: Enable systemtap for riscv64
kmscube: Fix build when x11 is absent in distro features
virglrenderer: Depend on virtual/egl
zlib: Pass ldflags to configure tests using linking
zip: Pass ldflags to configure tests using linking
qemu: Fix build when x11 is not in distro features
webkitgtk: Fix build when x11 is not in distro features
unzip: Pass LDFLAGS to configure tests
libtool: Recognise additional linker commandline options passed by clang
m4: Fix build on musl/ppc
gcompat: Update to latest
powerpc32-linux: Remove libc cached variables
ppc/siteinfo: Fix differences between musl and glibc
gcompat: Do not use static-pie on ppc
linux-yocto: Ignore textrels for ppc64 kernel
binutils: Bump to latest 2.38 release branch
erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64
libstd-rs: Fix build on riscv64/musl
qemu: Fix build on ppc64
qemuppc64.conf: Disable huge vmalloc
qemuppc64: Use smp = 2
libucontext: Upgrade to 1.2 release
python3-cryptography: Upgrade to 36.0.2
weston-init: Use pixman on riscv64 qemu
openssh: Default to not using sandbox when cross compiling
qemuriscv: Use virtio-tablet-pci for mouse
weston-init: Use pixman rendering for qemuppc64
qemu: Fix build on systems without MAP_SYNC
libsdl2: Depend on virtual/egl
piglit: Remove virtual/libgl
waffle: Use the right dependencies as needed
webkitgtk: Depend on virtual/egl instead of virtual/libgl
qemu: Depend on libepoxy instead of virtual/libgl
musl: Update to latest master
diffutils: Fix build on ppc/musl
grep: Fix build on ppc/musl
qemu: Disable for ppc32
Konrad Weihmann (2):
pip_install_wheel: improve wheel handling
setuptools_build_meta: remove python dependency
Lee Chee Yang (1):
poky.conf: update tested distro
Luca Boccassi (3):
mount-copybind: fix shellcheck warning
mount-copybind: add MOUNT_COPYBIND_AVOID_OVERLAYFS env var to skip OverlayFS
volatile-binds: add recipe variable to allow disabling OverlayFS
Mark Hatle (2):
insane.bbclass: Update insane.bbclass to work on FIPS enabled hosts
bitbake: utils/ply: Change md5 usages to work on FIPS enabled hosts
Markus Volk (9):
libxslt: update to v1.1.35
x86-base.inc: replace intel i965 driver with crocus
mesa: update to 22.0.0
gtk+3: remove deprecated option
librsvg: inherit vala
xf86-video-intel: add dependencies; remove dri1
mesa: align target- and native build
libva: make buildable for native and nativesdk
wayland: provide wayland-client-native and wayland-protocols-native
Marta Rybczynska (3):
bitbake: lib/bb: more verbose error message
cve-check: add json format
cve-check: add coverage statistics on recipes with/without CVEs
Michael Halstead (2):
releases: update to include 3.3.5
releases: update to include 3.1.15
Michael Olbrich (1):
kernel.bbclass: avoid config changes based on the availability of pahole
Michael Opdenacker (30):
documentation: remove references to prelink support
documentation/README: how to upgrade Sphinx packages
documentation: individual release note files
documentation: release notes for 3.4.2
bitbake: bitbake-user-manual: further override syntax updates
bitbake: bitbake-user-manual: add "crate" fetcher
bitbake: bitbake-user-manual: stop mentioning the Angstrom distribution
bitbake: bitbake-user-manual: add note about the old syntax for OVERRIDES
bitbake: bitbake-user-manual: yet another overrides syntax update
bitbake: bitbake-user-manual: update allowed characters in overrides
bitbake: bitbake-user-manual: add recent release manuals
local.conf.sample: fix reference to extended configuration sample
local.conf.sample: https and no newline for SSTATE_MIRRORS
conf/machine: fix QEMU x86 sound options
bitbake: doc: bitbake-user-manual: reorder variable definitions
docs: overview-manual: formating fixes
docs: migration-3.5.rst: fix "distutils" typo
docs: update examples to add branch info to git URIs
documentation/README: correct heading styles actually used in the YP manuals
manuals: inclusive language updates
dev-manual: details about using firewalls and limiting fetch threads
docs: brief-yoctoprojectqs: update video tutorial
docs: ref-system-requirements.rst: update list of supported distros
ref-manual: sort list of variables in generated output
ref-manual: reorder variable definitions
doc: migration-3.5: move the distutils changes to the class changes section
doc: migration-3.5: variable changes for inclusive language
bitbake: doc: bitbake-user-manual: add branch parameter to git SRC_URI examples
bitbake: doc: bitbake-user-manual: branch parameter now mandatory in git SRC_URIs
bitbake: bitbake: bitbake-user-manual: punctuation fixes
Ming Liu (5):
image.bbclass: make sure do_rootfs run from a clean workspace
weston-init: add use-pixman PACKAGECONFIG
kernel-fitimage.bbclass: introduce get_fit_replacement_type function
kernel-fitimage.bbclass: change 'echo' to 'bbnote'
kernel-fitimage.bbclass: introduce FIT_SUPPORTED_INITRAMFS_FSTYPES
Minjae Kim (2):
gnu-config: update SRC_URI
virglrenderer: update SRC_URI
Nicholas Sielicki (1):
dev-manual: note on using journald without syslog
Olaf Mandel (1):
bitbake: fetch2/git: stop generated tarballs from leaking info
Oleksandr Ocheretnyi (1):
kernel-devsrc: do not copy Module.symvers file during install
Peter Kjellerstedt (24):
license.py: Correct a comment
gma500-gfx-check: Update LICENSE to use an SPDX license identifier
default-distrovars.inc: Remove the empty default for WHITELIST_GPL-3.0
selftest: recipetool: Correct the URI for socat
recipetool/create_buildsys_python: Add support for more known licenses
recipetool: Use SPDX license identifiers
meta, meta-selftest: Replace more non-SPDX license identifiers
manuals: Update LICENSE vars in examples to use SPDX license identifiers
bitbake: knotty.py: Improve the message while waiting for running tasks to finish
bitbake: knotty.py: Correct the width of the progress bar for the real tasks
bitbake: knotty.py: A little clean up of TerminalFilter::updateFooter()
oe-pkgdata-util: Adapt to the new variable override syntax
create-spdx.bbclass: Remove an unnecessary path from do_create_spdx[dirs]
deploy.bbclass: Remove an unnecessary path from do_deploy[dirs]
package.bbclass: Remove an unnecessary path from do_package[dirs]
image.bbclass: Remove two unnecessary paths from do_rootfs[dirs]
go: Remove three unnecessary paths from do_compile[dirs]
selftest/incompatible_lic: Remove references to AVAILABLE_LICENSES
create-spdx.bbclass: Simplify extraction of license text
license.bbclass: Remove the available_licenses() function
bitbake: server/process: Correct a typo in a comment
glib-2.0: Remove a leftover comment
libdnf: Add a dependency on util-linux
python3: Add a dependency on ncurses
Pgowda (1):
binutils: Avoid Race condition in as.info
Quentin Schulz (1):
ref-manual: classes: provide command with ready-to-use password
Ralph Siemsen (2):
libxml2: move to gitlab.gnome.org
libxml2: update to 2.9.13
Randy MacLeod (1):
libarchive: upgrade 3.5.3 -> 3.6.0
Ricardo Salveti (1):
libpam: use /run instead of /var/run in systemd tmpfiles
Richard Neill (1):
systemd: Update 250.3 -> 250.4
Richard Purdie (113):
pip_install_wheel: Use BPN instead of PN to construct PYPI_PACKAGE default
mutlilib: Handle WHITELIST_GPL-3.0 being unset
recipetool/devtool: Further SPDX identifier cleanups
license/insane: Show warning for obsolete license usage
license: Rework INCOMPATIBLE_LICENSE wildcard handling
libsndfile: Fix missing external library support
python3-native: Drop opt-1 and opt-2 pyc files
cmake-native: Remove help docs from the native sysroot
python3-native: Remove all pyc files
python3: Drop opt1 and opt2 pyc files from target
Revert "libsdl2: Add libunwind-native to the libsdl2-native DEPENDS"
Revert "libical: Pass TOOLCHAIN_OPTIONS via CFLAGS"
layer.conf: Filter docs dependencies for efficiency
layer.conf: Add libarchive-native e2fsprogs-native exclusion from sysroot
python3: Reduce util-linux dependency to util-linux-libuuid
layer.conf: Allow sysroot dependencies on perlcross-native to be skipped
bitbake: knotty: Correctly handle multiple line items
bitbake: knotty: Improve setscene task display
expat: Upgrade 2.4.6 -> 2.4.7
build-appliance-image: Update to master head revision
vim: Update to 8.2.4524 for further CVE fixes
bitbake: server/xmlrpcserver: Add missing xmlrpcclient import
bitbake: uievent: Fix import warning for python 3.10
bitbake: cooker: Fix environment history printing
bitbake: toaster: Fix IMAGE_INSTALL issues with _append vs :append
bitbake: toaster: move gen_fixtures to the correct path
Revert "mesa: make sure GLES3 headers are installed"
oeqa/runtime/ping: Improve failure message to include more detail
scripts/runqemu: Fix memory limits for qemux86-64
shadow-native: Simplify and fix syslog disable patch
bitbake: bitbake: Bump to version 2.0.0
poky: Bump to 4.0 in preparation for release
python3-psutil/python3-bcrypt: Add missing HOMEPAGE
py3o: Rename to python_py3o
setuptools3_rust: Rename to python_setuptools3_rust
poetry_core: Rename to python_poetry_core
python3-cryptography: Add missing ptest tomli dependency
python3-cryptography-vectors: Fix reproducibility
perf-build-test/report: Drop phantomjs and html email reports support
create-spdx: Use function rather than AVAILABLE_LICENSES
sstate: Allow optimisation of do_create_spdx task dependencies
license: Drop AVAILABLE_LICENSES
libstd-rs: Extend to nativesdk
rust-cross: Add rust-crosssdk variant for nativesdk use
cargo: Add missing nativesdk support
python3-cryptography: Fix ptest result handling
python3-docutil: Extend to nativesdk
bitbake: data_smart: Skip commonly accessed variables from variable data context lookup
bitbake: data_smart: Avoid multiple getVarFlag calls
bitbake: codeparser: Avoid log bufer overhead in cache case
python3-snowballstemmer: Add new recipe
python3-imagesize: Add new recipe
python3-alabaster: Add new recipe
python3-pyasn1: Add from meta-oe/meta-python
ptest-packagelists.inc: Add python3-pyasn1 to fast ptests list
python3-certifi: Add from meta-oe/meta-python
python3-chardet: Add from meta-oe/meta-python
python3-ndg-httpsclient: Add from meta-oe/meta-python
python3-pyopenssl: Add from meta-oe/meta-python
python3-pysocks: Add from meta-oe/meta-python
python3-pytest-runner: Add from meta-oe/meta-python
python3-requests: Add from meta-oe/meta-python
python3-urllib3: Add from meta-oe/meta-python
python3-babel: Add recipe from meta-oe/meta-python
python3-sphinxcontrib-qthelp: Add new recipe
python3-sphinxcontrib-devhelp: Add new recipe
python3-sphinxcontrib-htmlhelp: Add new recipe
python3-sphinxcontrib-serializinghtml: Add new recipe
python3-sphinxcontrib-jsmath: Add new recipe
python3-sphinxcontrib-applehelp: add new recipe
python3-sphinx-rtd-theme: Add new recipe
python3-sphinx: Add a new recipe
python3-sphinx: Work around reproducibility issue
python3: Add missing HOMEPAGE entries
maintainers.inc: Add new python recipes
Add buildtools-docs-tarball recipe
buildtools-docs-tarball: Add test for building documentation using sphinx
oeqa/selftest/tinfoil: Improve tinfoil event test debugging
toaster: Fix broken overrides usage
poky.yaml: Drop POKYVERSION and YOCTO_POKY references
poky.yaml: Drop unused YOCTO_DOC_VERSION_MINUS_ONE
Makefile/set_versions: Allow poky.yaml to be autogenerated
conf.py/set_versions/poky.yaml: Set version in conf.py from poky.yaml
set_versions: Add support for setting POKYVERSION found in older releases
set_versions/switchers.js: Allow switchers.js version information to be autogenerated
set_versions: Various improvements
set_versions: Handle dev branch in switchers correctly
set_versions/switchers: Drop versions shown to the active releases
pseudo: Add patch to workaround paths with crazy lengths
libtool: Upgrade 2.4.6 -> 2.4.7
bitbake: siggen: Improve ambiguous use of 'dependent'
Revert "set_versions: Handle dev branch in switchers correctly"
Revert "set_versions/switchers: Drop versions shown to the active releases"
set_versions: Handle dev branch in switchers correctly
set_versions: Correct devbranch comparision
bitbake: utils: Fix lockfile path length issues
sanity: Add warning for local hasheqiv server with remote sstate mirrors
bitbake: tinfoil: Allow run_command not to wait on events
bitbake: cooker/siggen: Support exit calls and use for hashserv client
bitbake: siggen: Add missing reset handler to hashserv signature generator
bitbake: server/process: Move threads left debug to after cooker shutdown
bitbake: cooker: Fix inotify watches causing memory resident bitbake corruption
perl: Add missing RDEPENDS
oeqa/selftest/tinfoil: Fix intermittent event loss issue in test
create-spdx: Avoid regex warning by quoting correctly
bitbake: cooker: Fix exception handling in parsers
bitbake: cooker: Fix main loop starvation when parsing
bitbake: cooker: Improve exception handling in parsing process
bitbake: cooker: Simplify parser init function handling
bitbake: cooker/process: Fix signal handling lockups
bitbake: cooker: Rework force parser shutdown
bitbake: build: Add missing parameter to TaskInvalid
poky: Drop PREMIRRORS entries for scms
Robert Joslyn (1):
curl: Update to 7.82.0
Robert P. J. Day (1):
scripts: Various typo/grammar/punctuation fixes
Robert Yang (4):
coreutils: Disable statx for native build
perl: Makefile.PL: Fix _PATH_LOG for deterministic
quilt: Disable external sendmail for deterministic build
cups: Add --with-dbusdir to EXTRA_OECONF for deterministic build
Ross Burton (67):
Revert "cve-check: add lockfile to task"
classes: add setuptools3_legacy
asciidoc: update git repository
bmap-tools: remove redundant python3native inherit
setuptools3.bbclass: clean up
pip_install_wheel: clean up
pip_install_wheel: don't lazy assign PIPINSTALLARGS
python3-pip: remove obsolete and confusing comment
flit_core: clean up configure/compile
setuptools_build_meta: clean up configure/compile
flit_core: respect PIP_INSTALL_DIST_PATH
flit_core: add variable to control where pyproject.toml is located
setuptools_build_meta: respect PIP_INSTALL_DIST_PATH
setuptools_build_meta: add variable to control where pyproject.toml is located
python3-flit-core: improve recipe
setuptools3: respect PIP_INSTALL_DIST_PATH
python3-pip: clean up PYPA_WHEEL usage
python3-setuptools3: clean up PYPA_WHEEL usage
python3-wheel: clean up PYPA_WHEEL usage
bmap-tools: remove redundant PYPA_WHEEL
python3-markdown: use setuptools_build_meta
python3-pyrsistent: use setuptools_build_meta
python3-pyyaml: use setuptools_build_meta
python3-scons: remove PIP_INSTALL_DIST_PATH
pip_install_wheel: generate the wheels in directory we control outside of S
pip_install_wheel: install wheel with a glob
python3-scons: remove redundant FILES:${PN}-doc
flit_core: remove redundant python3-pip-native DEPENDS
python3-pip: remove redundant DEPENDS on python3-setuptools-native
pip_install_wheel: add a generic do_install for bootstrapping
seatd: upgrade to 0.6.4 (fixes CVE-2022-25643)
setuptools3-base: improve RDEPENDS assignment
meta: remove obsolete PIP_INSTALL_PACKAGE
meta: rename pip_install_wheel.bbclass to python_pep517.bbclass
python_pep517: move PEP517_SOURCE_PATH to python_pep517
python3-setuptools-rust-native: remove obsolete PIP_*
python3-poetry-core: remove obsolete PIP_INSTALL_PACKAGE
poetry_core: update for renamed class pip_install_wheel to python_pep517
python3-cryptography: mark test_create_certificate_with_extensions as expected to fail
python3-cryptography: remove obsolete PIP_INSTALL_DIST_PATH
python3-installer: add installer module
python_pep517: use installer instead of pip
devupstream: fix handling of SRC_URI
linux-yocto: remove redundant devupstream assignments
python3-setuptools-rust-native: use setuptools_build_meta
openssl: upgrade to 3.0.2
Update documentation for Python packaging changes
python3-packaging: remove duplicate python3-setuptools-native DEPENDS
classes/flit_core: use python_pep517_do_compile
classes/python_pep517: implement a standard do_compile
classes/python_poetry_core: use python_pep517_do_compile
classes/python_pep517: add more comments
classes/setuptools_build_meta: use python_pep517_do_compile
classes/flit_core: rename to python_flit_core
classes/python_pep517: consolidate stub do_configure
lttng-modules: remove redundant devupstream assignments
python3-cryptography: enforce identical version for -cryptography-vectors
python3-cryptography-vectors: upgrade to 36.0.2
classes/setuptools_build_meta: rename to python_setuptools_build_meta
bitbake: bitbake: knotty: display active tasks when printing keepAlive() message
bitbake: bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
tiff: backport CVE fixes:
python3: ignore CVE-2022-26488
oeqa/runtime/context: remove duplicate sys.path entries when looking for modules
grub: ignore CVE-2021-46705
qemu: backport fixes for CVE-2022-26353 and CVE-2022-26354
zlib: backport the fix for CVE-2018-25032
Sakib Sajal (1):
perl: generate alternative link for streamzip
Samuli Piippo (2):
mesa: make sure GLES3 headers are installed
binutils-cross-canadian: enable gold for mingw
Saul Wold (4):
base/license: Rework INCOMPATIBLE_LICENSE variable handling
convert-variable-renames: Fix output string
meta/scripts: Improve internal variable naming
documentation: Update for skip_recipe rename
Stefan Herbrechtsmeier (4):
systemd: move systemd shared library into its own package
classes: rootfs-postcommands: include /etc/fstab in overlayfs_qa_check
oeqa: selftest: overlayfs: add test for image with fstab entry
zstd: add libzstd package
Tean Cunningham (1):
rootfs-postcommands: amend systemd_create_users add user to group check
Tim Orling (44):
flit_core: inherit setuptools3-base
flit_core: export do_configure and do_compile
python3-tomli: inherit flit_core
python3-flit-core: upgrade 3.6.0 to 3.7.1
docs: update setuptools3 class
docs: ref-manual: drop distutils from variables
docs: ref-manual: remove distutils* from classes
docs: migration-3.5: distutils move
docs: migration-2.6 drop distutils labels, terms
docs: migration-3.3 drop distutils labels, terms
docs: add new python packaging classes
docs: add pip install variables
python3-jsonschema: upgrade 3.2.0 -> 4.4.0
python3-importlib-metadata: upgrade 4.10.1 -> 4.11.2
bitbake: toaster-requirements.txt: Django 3.2 LTS
bitbake: toaster: Update docs links in templates
bitbake: toaster: orm/models -- drop django.utils.six
bitbake: toaster: set DEFAULT_AUTO_FIELD
bitbake: toaster: migratation for models.BigAutoField
bitbake: bitbake: buildinfohelper.py fix for Django 3.2
bitbake: toaster: drop landing_not_managed template
python3-setuptools-rust-native: from meta-python
pyo3.bbclass: move from meta-python
setuptools3_rust.bbclass: move from meta-python
python3-cryptography: move from meta-python
python3-pytest-subtests: move from meta-python
python3-cryptography-vectors: from meta-python
python3-asn1crypto: move from meta-python
python3-cffi: move from meta-python
python3-pytz: move from meta-python
python3-bcrypt: move from meta-python
python3-pretend: move from meta-python
python3-psutil: move from meta-python
poetry_core.bbclass: move from meta-python
python3-poetry-core: move from meta-python
python3-iso8601: move from meta-python
python3-typing-extensions: move from meta-python
python3-semantic-version: move from meta-python
python3-pycparser: move from meta-python
python3-ply: move from meta-python
maintainers.inc: add python3-crypto and friends
ptest-packagelists.inc: add python3-cryptography
ptest-packagelists: add python3-bcrypt and -pytz
python3-pytest: upgrade 7.0.1 -> 7.1.1
Tony McDowell (1):
dev-manual: add instructions for compacting WSLv2 VHDX files
Trevor Gamblin (3):
iptables: do not install /etc/ethertypes
iptables: use nft backend with libnftnl PACKAGECONFIG
python3: upgrade 3.10.2 -> 3.10.3
Zoltán Böszörményi (1):
mesa: Allow building Mesa's OpenCL through PACKAGECONFIG
leimaohui (1):
bitbake: monitordisk.py: Deleted redundant word in warning message.
wangmy (72):
python3-git: upgrade 3.1.26 -> 3.1.27
ell: upgrade 0.48 -> 0.49
libgit2: upgrade 1.4.1 -> 1.4.2
nghttp2: upgrade 1.46.0 -> 1.47.0
python3-dbusmock: upgrade 0.25.0 -> 0.26.1
python3-hypothesis: upgrade 6.37.2 -> 6.39.0
at: upgrade 3.2.4 -> 3.2.5
dbus: upgrade 1.12.20 -> 1.12.22
ccache: upgrade 4.5.1 -> 4.6
libjpeg-turbo: upgrade 2.1.2 -> 2.1.3
libsolv: upgrade 0.7.20 -> 0.7.21
libva: upgrade 2.13.0 -> 2.14.0
mesa: upgrade 21.3.6 -> 21.3.7
ovmf: upgrade 202111 -> 202202
wget: upgrade 1.21.2 -> 1.21.3
sqlite3: upgrade 3.37.2 -> 3.38.0
sysstat: upgrade 12.4.4 -> 12.4.5
btrfs-tools: upgrade 5.16 -> 5.16.2
python3-hypothesis: upgrade 6.39.0 -> 6.39.2
cmake: upgrade 3.22.2 -> 3.22.3
asciidoc: upgrade 10.1.3 -> 10.1.4
go: upgrade 1.17.7 -> 1.17.8
gpgme: upgrade 1.17.0 -> 1.17.1
python3-pycairo: upgrade 1.20.1 -> 1.21.0
stress-ng: upgrade 0.13.11 -> 0.13.12
sudo: upgrade 1.9.9 -> 1.9.10
createrepo-c: upgrade 0.18.0 -> 0.19.0
dnf: upgrade 4.10.0 -> 4.11.1
harfbuzz: upgrade 4.0.0 -> 4.0.1
libdnf: upgrade 0.65.0 -> 0.66.0
librsvg: upgrade 2.52.6 -> 2.52.7
linux-firmware: upgrade 20220209 -> 20220310
python3-importlib-metadata: upgrade 4.11.2 -> 4.11.3
lttng-modules: upgrade 2.13.1 -> 2.13.2
python3-numpy: upgrade 1.22.2 -> 1.22.3
libcgroup: upgrade 2.0 -> 2.0.1
libuv: upgrade 1.43.0 -> 1.44.1
dpkg: upgrade 1.21.1 -> 1.21.2
gobject-introspection: upgrade 1.70.0 -> 1.72.0
libdazzle: upgrade 3.42.0 -> 3.44.0
libsolv: upgrade 0.7.21 -> 0.7.22
man-db: upgrade 2.10.1 -> 2.10.2
python3-markupsafe: upgrade 2.1.0 -> 2.1.1
vala: upgrade 0.54.7 -> 0.56.0
adwaita-icon-theme: upgrade 41.0 -> 42.0
bluez5: upgrade 5.63 -> 5.64
gnutls: upgrade 3.7.3 -> 3.7.4
gsettings-desktop-schemas: upgrade 41.0 -> 42.0
rng-tools: enable macro JENT_CONF_ENABLE_INTERNAL_TIMER
libjitterentropy: upgrade 3.3.1 -> 3.4.0
apt: upgrade 2.4.0 -> 2.4.3
atk: upgrade 2.36.0 -> 2.38.0
cronie: upgrade 1.5.7 -> 1.6.0
diffoscope: upgrade 207 -> 208
dpkg: upgrade 1.21.2 -> 1.21.4
glib-networking: upgrade 2.70.1 -> 2.72.0
iproute2: upgrade 5.16.0 -> 5.17.0
libevdev: upgrade 1.12.0 -> 1.12.1
libsoup: upgrade 3.0.4 -> 3.0.5
lttng-modules: upgrade 2.13.2 -> 2.13.3
lttng-ust: upgrade 2.13.1 -> 2.13.2
msmtp: upgrade 1.8.19 -> 1.8.20
sqlite3: upgrade 3.38.1 -> 3.38.2
python3-asn1crypto: upgrade 1.4.0 -> 1.5.1
python3-dbusmock: upgrade 0.26.1 -> 0.27.3
python3-hypothesis: upgrade 6.39.2 -> 6.39.5
python3-imagesize: upgrade 1.2.0 -> 1.3.0
python3-jinja2: upgrade 3.0.3 -> 3.1.1
python3-pytest-runner: upgrade 5.3.1 -> 6.0.0
python3-pytest-subtests: upgrade 0.6.0 -> 0.7.0
python3-pytz: upgrade 2021.3 -> 2022.1
python3-urllib3: upgrade 1.26.8 -> 1.26.9
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ib4c513b74dbc38e31b3792d8323e877294f959d9
Diffstat (limited to 'meta-security')
18 files changed, 31 insertions, 227 deletions
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf index 1f8359367f..21f03d1ef2 100644 --- a/meta-security/conf/layer.conf +++ b/meta-security/conf/layer.conf @@ -16,3 +16,6 @@ LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer met # Sanity check for meta-security layer. # Setting SKIP_META_SECURITY_SANITY_CHECK to "1" would skip the bbappend files check. INHERIT += "sanity-meta-security" + +QB_KERNEL_CMDLINE_APPEND = " ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', 'apparmor=1 security=apparmor', '', d)}" + diff --git a/meta-security/kas/kas-security-alt.yml b/meta-security/kas/kas-security-alt.yml index f073216cd8..3ee980877e 100644 --- a/meta-security/kas/kas-security-alt.yml +++ b/meta-security/kas/kas-security-alt.yml @@ -3,11 +3,6 @@ header: includes: - kas-security-base.yml -repos: - meta-rust: - url: https://github.com/meta-rust/meta-rust.git - refspec: master - local_conf_header: alt: | DISTRO_FEATURES:append = " systemd" diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb index dd32397a65..230c85951e 100644 --- a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb +++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb @@ -11,7 +11,7 @@ do_install () { if [ -e "${IMA_EVM_X509}" ]; then install -d ${D}/${sysconfdir}/keys install "${IMA_EVM_X509}" ${D}${sysconfdir}/keys/x509_evm.der - lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der + ln -rs ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der fi } do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' % os.path.exists('${IMA_EVM_X509}')}" diff --git a/meta-security/meta-parsec/README.md b/meta-security/meta-parsec/README.md index bb4c2b9798..85e0d10f4f 100644 --- a/meta-security/meta-parsec/README.md +++ b/meta-security/meta-parsec/README.md @@ -80,7 +80,7 @@ Manual testing with runqemu This layer also contains a recipe for pasec-tool which can be used for manual testing of the Parsec service: - IMAGE_INSTALL:append = " parsec-tools" + IMAGE_INSTALL:append = " parsec-tool" There are a series of Parsec Demo videos showing how to use parsec-tool to test the Parsec service base functionality: diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb index 1cbf2bd5af..3f12139b7a 100644 --- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_0.8.1.bb @@ -12,7 +12,12 @@ SRC_URI += "crate://crates.io/parsec-service/${PV} \ DEPENDS = "clang-native" -PACKAGECONFIG ??= "TPM PKCS11 MBED-CRYPTO CRYPTOAUTHLIB" +PACKAGECONFIG ??= "PKCS11 MBED-CRYPTO CRYPTOAUTHLIB" + +have_TPM = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'TPM', '', d)}" +PACKAGECONFIG:append = " ${@bb.utils.contains('BBFILE_COLLECTIONS', 'tpm-layer', '${have_TPM}', '', d)}" + + PACKAGECONFIG[ALL] = "all-providers cryptoki/generate-bindings tss-esapi/generate-bindings,,tpm2-tss libts,libts" PACKAGECONFIG[TPM] = "tpm-provider tss-esapi/generate-bindings,,tpm2-tss" PACKAGECONFIG[PKCS11] = "pkcs11-provider cryptoki/generate-bindings," diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb index 549a8889a1..cf6d531e8f 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb @@ -4,7 +4,7 @@ SUMARRY = "The OpenSCAP Daemon is a service that runs in the background." HOME_URL = "https://www.open-scap.org/tools/openscap-daemon/" LIC_FILES_CHKSUM = "file://LICENSE;md5=40d2542b8c43a3ec2b7f5da31a697b88" -LICENSE = "LGPL-2.1" +LICENSE = "LGPL-2.1-only" DEPENDS = "python3-dbus" @@ -13,7 +13,7 @@ SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol= file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ " -inherit setuptools3 +inherit setuptools_build_meta S = "${WORKDIR}/git" diff --git a/meta-security/meta-security-isafw/classes/isafw.bbclass b/meta-security/meta-security-isafw/classes/isafw.bbclass index da6bf76393..3854c0fcaf 100644 --- a/meta-security/meta-security-isafw/classes/isafw.bbclass +++ b/meta-security/meta-security-isafw/classes/isafw.bbclass @@ -105,7 +105,7 @@ python process_reports_handler() { os.environ["PATH"] = savedenv["PATH"] } -do_build[depends] += "cve-update-db-native:do_populate_cve_db ca-certificates-native:do_populate_sysroot" +do_build[depends] += "cve-update-db-native:do_fetch ca-certificates-native:do_populate_sysroot" do_build[depends] += "python3-lxml-native:do_populate_sysroot" # These tasks are intended to be called directly by the user (e.g. bitbake -c) @@ -179,7 +179,6 @@ fakeroot python do_analyse_image() { } do_rootfs[depends] += "checksec-native:do_populate_sysroot ca-certificates-native:do_populate_sysroot" -do_rootfs[depends] += "prelink-native:do_populate_sysroot" do_rootfs[depends] += "python3-lxml-native:do_populate_sysroot" isafw_init[vardepsexclude] = "DATETIME" diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb index bfe6e3af09..7ba5004dc9 100644 --- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb +++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb @@ -15,7 +15,6 @@ RDEPENDS:packagegroup-security-tpm = " \ tpm-quote-tools \ swtpm \ openssl-tpm-engine \ - libtpm \ ${X86_TPM_MODULES} \ " diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb index 8fe62cf25d..c03c44c05d 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb @@ -2,8 +2,8 @@ SUMMARY = "LIBPM - Software TPM Library" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" -SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4" -SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https" +SRCREV = "3f8fbc831b7bc3a6cc8422c432f577596b4cf3df" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https" PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch b/meta-security/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch deleted file mode 100644 index 5aee933b92..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch +++ /dev/null @@ -1,65 +0,0 @@ -Don't check for tscd deamon on host. - -Upstream-Status: OE Specific - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: git/configure.ac -=================================================================== ---- git.orig/configure.ac -+++ git/configure.ac -@@ -179,15 +179,6 @@ AC_SUBST([LIBTPMS_LIBS]) - AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt") - AC_SUBST([LIBRT_LIBS]) - --AC_PATH_PROG([TCSD], tcsd) --if test "x$TCSD" = "x"; then -- have_tcsd=no -- AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests]) --else -- have_tcsd=yes --fi --AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no") -- - dnl We either need netstat (more common across systems) or 'ss' for test cases - AC_PATH_PROG([NETSTAT], [netstat]) - if test "x$NETSTAT" = "x"; then -@@ -440,23 +431,6 @@ AC_ARG_WITH([tss-group], - [TSS_GROUP="tss"] - ) - --case $have_tcsd in --yes) -- AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available]) -- if ! test $(id -u $TSS_USER); then -- AC_MSG_ERROR(["$TSS_USER is not available"]) -- else -- AC_MSG_RESULT([yes]) -- fi -- AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available]) -- if ! test $(id -g $TSS_GROUP); then -- AC_MSG_ERROR(["$TSS_GROUP is not available"]) -- else -- AC_MSG_RESULT([yes]) -- fi -- ;; --esac -- - AC_SUBST([TSS_USER]) - AC_SUBST([TSS_GROUP]) - -Index: git/tests/Makefile.am -=================================================================== ---- git.orig/tests/Makefile.am -+++ git/tests/Makefile.am -@@ -83,10 +83,6 @@ TESTS += \ - test_tpm2_swtpm_cert \ - test_tpm2_swtpm_cert_ecc \ - test_tpm2_swtpm_setup_create_cert --if HAVE_TCSD --TESTS += \ -- test_tpm2_samples_create_tpmca --endif - endif - - EXTRA_DIST=$(TESTS) \ diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb index 63734b9b36..85e4c5d557 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb @@ -6,10 +6,9 @@ SECTION = "apps" # expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib" -SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1" -SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \ +SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e" +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \ file://ioctl_h.patch \ - file://oe_configure.patch \ " PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb index 3b3da4fa03..b47d53a689 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb @@ -9,7 +9,7 @@ SECTION = "tpm" LICENSE = "CPL-1.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" -DEPENDS = "libtspi openssl perl" +DEPENDS = "libtspi openssl perl-native" DEPENDS:class-native = "trousers-native" SRCREV = "bf43837575c5f7d31865562dce7778eae970052e" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb index e0f2d0940f..ddcfb58ea8 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb @@ -12,7 +12,7 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "8900a6603f74310b749b65f23c3461cde6e2a23a5f61058b21004c25f9cf19e8" -inherit autotools pkgconfig systemd extrausers +inherit autotools pkgconfig systemd useradd PACKAGECONFIG ??= "" PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " @@ -22,10 +22,9 @@ EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev EXTRA_OECONF += "--runstatedir=/run" EXTRA_OECONF:remove = " --disable-static" -EXTRA_USERS_PARAMS = "\ - useradd -p '' tss; \ - groupadd tss; \ - " +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system tss" +USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" do_install:append() { # Remove /run as it is created on startup diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb index 818be155c0..8ad3c76ae1 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb @@ -18,20 +18,18 @@ SRC_URI = " \ file://run-ptest \ file://crosscompile_perl_bindings.patch \ file://0001-Makefile.am-suppress-perllocal.pod.patch \ - file://0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch \ file://0001-Makefile-fix-hardcoded-installation-directories.patch \ file://0001-rc.apparmor.debian-add-missing-functions.patch \ - file://py3_10_fixup.patch \ " -SRCREV = "b23de501807b8b5793e9654da8688b5fd3281154" +SRCREV = "9799fbde997820bb12a49e292356f7a6ce12e972" S = "${WORKDIR}/git" PARALLEL_MAKE = "" COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*" -inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion +inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion setuptools3 REQUIRED_DISTRO_FEATURES = "apparmor" diff --git a/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch b/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch deleted file mode 100644 index e7abd602c9..0000000000 --- a/meta-security/recipes-mac/AppArmor/files/0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 5ed21abbef4d4c2983e70bd2868fb817150e883e Mon Sep 17 00:00:00 2001 -From: Armin Kuster <akuster808@gmail.com> -Date: Sat, 3 Oct 2020 11:26:46 -0700 -Subject: [PATCH] Revert "profiles: Update 'make check' to select tools based - on USE_SYSTEM" - -This reverts commit 6016f931ebf7b61e1358f19453ef262d9d184a4e. - -Upstream-Status: Inappropriate [OE specific] -These changes cause during packaging with perms changing. - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - ---- - profiles/Makefile | 50 ++++++++++------------------------------------- - 1 file changed, 10 insertions(+), 40 deletions(-) - -diff --git a/profiles/Makefile b/profiles/Makefile -index ba47fc16..5384cb05 100644 ---- a/profiles/Makefile -+++ b/profiles/Makefile -@@ -35,49 +35,9 @@ EXTRAS_SOURCE=./apparmor/profiles/extras/ - SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print) - TOPLEVEL_PROFILES=$(filter-out ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*)) - --ifdef USE_SYSTEM -- PYTHONPATH= -- PARSER?=apparmor_parser -- LOGPROF?=aa-logprof --else -- # PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am -- PYTHON_DIST_BUILD_PATH = ../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))") -- LIBAPPARMOR_PATH=../libraries/libapparmor/src/.libs/ -- LD_LIBRARY_PATH=$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH) -- PYTHONPATH=../utils/:$(PYTHON_DIST_BUILD_PATH) -- PARSER?=../parser/apparmor_parser -- # use ../utils logprof -- LOGPROF?=LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) PYTHONPATH=$(PYTHONPATH) $(PYTHON) ../utils/aa-logprof --endif -- - # $(PWD) is wrong when using "make -C profiles" - explicitely set it here to get the right value - PWD=$(shell pwd) - --.PHONY: test-dependencies --test-dependencies: __parser __libapparmor -- -- --.PHONY: __parser __libapparmor --__parser: --ifndef USE_SYSTEM -- @if [ ! -f $(PARSER) ]; then \ -- echo "error: $(PARSER) is missing. Pick one of these possible solutions:" 1>&2; \ -- echo " 1) Test using the in-tree parser by building it first and then trying again. See the top-level README for help." 1>&2; \ -- echo " 2) Test using the system parser by adding USE_SYSTEM=1 to your make command." 1>&2; \ -- exit 1; \ -- fi --endif -- --__libapparmor: --ifndef USE_SYSTEM -- @if [ ! -f $(LIBAPPARMOR_PATH)libapparmor.so ]; then \ -- echo "error: $(LIBAPPARMOR_PATH)libapparmor.so is missing. Pick one of these possible solutions:" 1>&2; \ -- echo " 1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \ -- echo " 2) Build against the system libapparmor by adding USE_SYSTEM=1 to your make command." 1>&2; \ -- exit 1; \ -- fi --endif -- - local: - for profile in ${TOPLEVEL_PROFILES}; do \ - fn=$$(basename $$profile); \ -@@ -109,6 +69,16 @@ else - Q= - endif - -+ifndef PARSER -+# use system parser -+PARSER=../parser/apparmor_parser -+endif -+ -+ifndef LOGPROF -+# use ../utils logprof -+LOGPROF=PYTHONPATH=../utils $(PYTHON) ../utils/aa-logprof -+endif -+ - .PHONY: docs - # docs: should we have some here? - docs: --- -2.17.1 - diff --git a/meta-security/recipes-mac/AppArmor/files/py3_10_fixup.patch b/meta-security/recipes-mac/AppArmor/files/py3_10_fixup.patch deleted file mode 100644 index 05f84600a3..0000000000 --- a/meta-security/recipes-mac/AppArmor/files/py3_10_fixup.patch +++ /dev/null @@ -1,35 +0,0 @@ -m4/ax_python_devel.m4: do not check for distutils - -With py 3.10 this prints a deprecation warning which is -taken as an error. Upstream should rework the code to not -use distuils. - -Upstream-Status: Inappropriate [needs a proper fix upstream] -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: git/libraries/libapparmor/m4/ac_python_devel.m4 -=================================================================== ---- git.orig/libraries/libapparmor/m4/ac_python_devel.m4 -+++ git/libraries/libapparmor/m4/ac_python_devel.m4 -@@ -66,21 +66,6 @@ variable to configure. See ``configure - - fi - - # -- # Check if you have distutils, else fail -- # -- AC_MSG_CHECKING([for the distutils Python package]) -- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` -- if test -z "$ac_distutils_result"; then -- AC_MSG_RESULT([yes]) -- else -- AC_MSG_RESULT([no]) -- AC_MSG_ERROR([cannot import Python module "distutils". --Please check your Python installation. The error was: --$ac_distutils_result]) -- PYTHON_VERSION="" -- fi -- -- # - # Check for Python include path - # - AC_MSG_CHECKING([for Python include path]) diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index f6394cc8a3..41187326db 100644 --- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -6,7 +6,7 @@ out-of-the-box ready to read many standard log files, such as those for sshd and and is easy to configure to read any log file you choose, for any error you choose." HOMEPAGE = "http://www.fail2ban.org" -LICENSE = "GPL-2.0" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64" @@ -15,7 +15,7 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \ file://run-ptest \ " -inherit update-rc.d ptest setuptools3 +inherit update-rc.d ptest setuptools3_legacy S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.6.2.bb index a4ab59d5d8..40f6d154bb 100644 --- a/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb +++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.6.2.bb @@ -2,17 +2,15 @@ SUMMARY = "identity, multifactor authentication (OTP), authorization, audit" DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications." HOMEPAGE = "http://www.privacyidea.org/" -LICENSE = "AGPL-3.0" +LICENSE = "AGPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55" PYPI_PACKAGE = "privacyIDEA" -SRC_URI[sha256sum] = "26aeb0d353af1f212c4df476202516953c20f7f31566cfe0b67cbb553de04763" +SRC_URI[sha256sum] = "4441282d086331dac0aee336286de8262d9ac8eb11e14b7f9aa69f865caebe17" inherit pypi setuptools3 do_install:append () { - #install ${D}/var/log/privacyidea - rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests } @@ -21,11 +19,11 @@ GROUPADD_PARAM:${PN} = "--system privacyidea" USERADD_PARAM:${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \ --shell /bin/false privacyidea" -FILES:${PN} += " ${datadir}/etc/privacyidea/* ${datadir}/lib/privacyidea/*" +FILES:${PN} += " ${prefix}/etc/privacyidea/* ${datadir}/lib/privacyidea/*" RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils" -RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt" +RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt" RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet" RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml" RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate" |