diff options
author | William A. Kennington III <wak@google.com> | 2021-06-02 22:28:27 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-06-07 18:15:22 +0300 |
commit | ac69b488c6ecf0e6df8321218006f23211c45e46 (patch) | |
tree | 899942e99c3be5138dd4784f939f0e8b717f90b9 /poky/meta/conf | |
parent | ee32beb0333105ea120420a3556a752079ef5437 (diff) | |
download | openbmc-ac69b488c6ecf0e6df8321218006f23211c45e46.tar.xz |
poky: subtree update:2dcd1f2a21..9d1b332292
Alejandro Hernandez Samaniego (2):
baremetal-helloworld: Enable RISC-V 64 port
baremetal-image: Fix post process command rootfs_update_timestamp
Alexander Kanavin (94):
python3: add markdown/smartypants/typogrify modules
gi-docgen: add a recipe and class
gdk-pixbuf/pango: replace gtk-doc with gi-docgen
vala: upgrade 0.50.4 -> 0.52.2
xkbcomp: upgrade 1.4.4 -> 1.4.5
stress-ng: upgrade 0.12.05 -> 0.12.06
xserver-xorg: upgrade 1.20.10 -> 1.20.11
xorgproto: upgrade 2020.1 -> 2021.3
dpkg: update 1.20.7.1 -> 1.20.9
puzzles: update to latest revision
cmake: update 3.19.5 -> 3.20.1
meson: update 0.57.1 -> 0.57.2
systemd: backport a patch to avoid unnecessary rsync dependency with latest meson
pulseaudio: unbreak build with latest meson
libdnf: upgrade 0.58.0 -> 0.62.0
bluez5: upgrade 5.56 -> 5.58
libxkbcommon: update 1.0.3 -> 1.2.1
libgudev: update 234 -> 236
vulkan-samples: update to latest revision
gnupg: upgrade 2.2.27 -> 2.3.1
virglrenderer: update 0.8.2 -> 0.9.1
webkitgtk: update 2.30.6 -> 2.32.0
acl: upgrade 2.2.53 -> 2.3.1
bind: upgrade 9.16.12 -> 9.16.13
bison: upgrade 3.7.5 -> 3.7.6
createrepo-c: upgrade 0.17.0 -> 0.17.2
cronie: upgrade 1.5.5 -> 1.5.7
dnf: upgrade 4.6.0 -> 4.7.0
e2fsprogs: upgrade 1.46.1 -> 1.46.2
gnu-efi: upgrade 3.0.12 -> 3.0.13
systemd-boot: backport a fix to address failures with new gnu-efi
gobject-introspection: upgrade 1.66.1 -> 1.68.0
gtk+3: upgrade 3.24.25 -> 3.24.28
harfbuzz: upgrade 2.7.4 -> 2.8.0
less: upgrade 563 -> 581
libfm: upgrade 1.3.1 -> 1.3.2
libinput: upgrade 1.16.4 -> 1.17.1
libwpe: upgrade 1.8.0 -> 1.10.0
libxres: upgrade 1.2.0 -> 1.2.1
linux-firmware: upgrade 20210208 -> 20210315
pango: upgrade 1.48.2 -> 1.48.4
piglit: upgrade to latest revision
pkgconf: upgrade 1.7.3 -> 1.7.4
python3-hypothesis: upgrade 6.2.0 -> 6.9.1
python3-importlib-metadata: upgrade 3.4.0 -> 3.10.1
python3-pytest: upgrade 6.2.2 -> 6.2.3
python3-setuptools-scm: upgrade 5.0.1 -> 6.0.1
x264: upgrade to latest revision
ptest: add a test for orphaned ptests, and restore ones found by it
swig: fix upstream version check
liberation-fonts: fix upstream version check
Revert "go: Use dl.google.com for SRC_URI"
powertop: update 2.13 -> 2.14
mesa: add lmsensors PACKAGECONFIG
ffmpeg: update 4.3.2 -> 4.4
qemu: use 4 cores in qemu guests
avahi: disable gtk bits
gdk-pixbuf: rewrite the cross-build support for tests
gnome: drop upstream even condition from a few recipes
expat: upgrade 2.2.10 -> 2.3.0
meson.bbclass: split python routines into a separate class
gstreamer1.0-plugins-base: backport a patch to fix meson 0.58 builds
meson: update 0.57.2 -> 0.58.0
qemu: backport a patch to fix meson 0.58 builds
nativesdk-meson: correctly set cpu_family
bitbake: fetch2/wget: when checking latest versions, consider all numerical directories
mklibs: remove recipes and class
local.conf: Drop support for mklibs
u-boot: upgrade 2021.01 -> 2021.04
gdk-pixbuf: update a patch status
systemd: update 247.6 -> 248.3
systemd-conf: do not version in lockstep with systemd
gnu-config: update to latest revision
mmc-utils: update to latest revision
python3-smartypants: fix upstream version check
at: upgrade 3.2.1 -> 3.2.2
gnomebase: trim the SRC_URI directory from the back
gsettings-desktop-schemas: upgrade 3.38.0 -> 40.0
igt-gpu-tools: upgrade 1.25 -> 1.26
mesa: update 21.0.3 -> 21.1.1
vulkan-samples: update to latest revision
libgpg-error: update 1.41 -> 1.42
webkitgtk: update 2.32.0 -> 2.32.1
glib-2.0: update 2.68.1 -> 2.68.2
apt: upgrade 2.2.2 -> 2.2.3
cmake: update 3.20.1 -> 3.20.2
libdnf: update 0.62.0 -> 0.63.0
harfbuzz: update 2.8.0 -> 2.8.1
curl: update 7.76.0 -> 7.76.1
systemtap: update 4.4 -> 4.5
wayland: package target binaries into -tools, not into -dev
ptest: add newly discovered missing runtime dependencies across recipes
images: remove sato/weston ptest images
images: add ptest images based on core-image-minimal
Andreas Müller (1):
gstreamer1.0-plugins-good: fix build with gcc11
Andrej Valek (1):
expat: upgrade 2.3.0 -> 2.4.1
Anuj Mittal (1):
lsb-release: fix reproducibility failure
Armin Kuster (5):
bitbake: hashserv/server.py: drop unused imports
bitbake: hashserver/client.py: drop unused imports
poky.yaml: fedora33: add missing pkgs
systemctl: Stop tracebacks use formated error messages
package_manager/rpm: decode systemctl failures
Bastian Krause (1):
ccache: version bump 4.2.1 -> 4.3
Bruce Ashfield (18):
linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
kern-tools: Kconfiglib: add support for bare 'modules' keyword
lttng-modules: update devupstream to v2.13-rc
lttng-modules: update to v2.12.6
kernel-yocto: provide debug / summary information for metadata
linux-yocto/5.10: update to v5.10.35
linux-yocto/5.4: update to v5.4.117
linux-yocto/5.10: ktypes/standard: disable obsolete crypto options by default
linux-yocto/5.10: update to v5.10.36
linux-yocto/5.4: update to v5.4.118
linux-yocto/5.10: update to v5.10.37
linux-yocto/5.4: update to v5.4.119
kernel-devsrc: adjust NM and OBJTOOL variables for target
linux-yocto/5.10: update to v5.10.38
linux-yocto-dev: bump to v5.13+
linux-yocto/5.4: update to v5.4.120
linux-yocto/5.10: update to v5.10.41
linux-yocto/5.4: update to v5.4.123
Carlos Rafael Giani (1):
ffmpeg: Add libopus packageconfig
Changqing Li (2):
unfs3: correct configure option
pkgconfig: update SRC_URI
Chen Qi (3):
db: update CVE_PRODUCT
rt-tests: update SRCREV
xxhash: backport patch to fix special char problem
Daniel McGregor (3):
lib/oe/gpg_sign.py: Fix gpg verification
sstate: Ignore sstate signing key
bison: Make libtextstyle and libreadline optional
Daniel Wagenknecht (1):
kernel-dev: document KCONFIG_MODE
Douglas Royds (3):
Revert "icecc: Don't use icecc when INHIBIT_DEFAULT_DEPS is set"
icecc: Demote "could not get ICECC_CC" warning to note
icecc-create-env: Silence warning: invalid ICECC_ENV_EXEC
Drew Moseley (1):
manuals: fix a few incorrect option specifications.
Guillaume Champagne (1):
image-live.bbclass: order do_bootimg after do_rootfs
Joshua Watt (1):
zstd: Add patch to fix MinGW builds
Kai Kang (1):
grub2.inc: remove '-O2' from CFLAGS
Khem Raj (17):
swig: Upgrade to 4.0.2
python3-markdown: Upgrade to 3.3.4
ffmpeg: Fix build on mips
npth: Check for pthread_create for including lpthread
gcc: Add target gcc include search for musl config too
gcc: Extend .gccrelocprefix section support to musl configs
gcc: Refresh patch to fix patch fuzz
musl: Fix __NR_fstatat syscall name for riscv
libxfixes: Update to 6.0.0 release
xorgproto: Upgrade to 2021.4 release
glibc: Update to latest 2.33 branch
systemd: Fix 248.3 on musl
glibc: Enable memory tagging for aarch64
gcc: Update to latest on release/gcc-11 branch
apt: Add missing <array> header
ovmf: Fix VLA warnings with GCC 11
libucontext: Switch to meson build system
Martin Jansa (4):
gcc-sanitizers: Package up static hwasan files as well
webkitgtk: fix build without opengl in DISTRO_FEATURES
binutils: backport DWARF-5 support for gold
sstatesig.py: make it fatal error when sstate manifest isn't found
Michael Halstead (3):
releases: update to include 3.2.4
uninative: Upgrade to 3.2 (gcc11 support)
releases: update to include 3.3.1
Michael Opdenacker (8):
manuals: reduce verbosity with "worry about" expression
manuals: reduce verbosity related to "the following" expression
ref-manual: simplify style
kernel-dev manual: simplify style
dev-manual: simplify style
sdk-manual: simplify style and fix formating
overview-manual: simplify style and add missings references
manuals: simplify style
Mike Crowe (2):
npm.bbclass: Allow nodedir to be overridden by NPM_NODEDIR
libnotify: Make gtk+3 dependency optional
Ming Liu (4):
kernel-fitimage.bbclass: fix a wrong conditional check
initramfs-framework:rootfs: fix wrong indentions
kernel-fitimage.bbclass: drop unit addresses from bootscr sections
uboot-sign/kernel-fitimage: split generate_rsa_keys task
Nikolay Papenkov (1):
flex: correct license information
Nisha Parrakat (1):
squashfs-tools: package squashfs-fs.h
Peter Kjellerstedt (3):
libcap: Configure Make variables correctly without a horrible hack
util-linux.inc: Do not modify BPN
native.bbclass: Do not remove "-native" in the middle of recipe names
Petr Vorel (1):
ltp: Update to 20210524
Richard Purdie (92):
oeqa/qemurunner: Fix binary vs str issue
oeqa/qemurunner: Improve handling of run_serial for shutdown commands
ptest-packagelists: Add expat-ptest to fast ptests
puzzles: Upstream changed to main branch for development
grub2: Add CVE whitelist entries for issues fixed in 2.06
glibc: Document and whitelist CVE-2019-1010022-25
qemu: Exclude CVE-2017-5957 from cve-check
qemu: Exclude CVE-2007-0998 from cve-check
qemu: Exclude CVE-2018-18438 from cve-check
jquery: Exclude CVE-2007-2379 from cve-check
logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check
openssh: Exclude CVE-2007-2768 from cve-check
ovmf: Improve reproducibility by enabling prefix mapping
bind: Exclude CVE-2019-6470 from cve-check
openssh: Exclude CVE-2008-3844 from cve-check
unzip: Exclude CVE-2008-0888 from cve-check
cpio: Exclude CVE-2010-4226 from cve-check
xinetd: Exclude CVE-2013-4342 from cve-check
ghostscript: Exclude CVE-2013-6629 from cve-check
bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-check
tiff: Exclude CVE-2015-7313 from cve-check
ovmf: Disable lto to aid reproducibility
ovmf: Fix other reproducibility issues
rpm: Exclude CVE-2021-20271 from cve-check
coreutils: Exclude CVE-2016-2781 from cve-check
librsvg: Exclude CVE-2018-1000041 from cve-check
avahi: Exclude CVE-2021-26720 from cve-check
qemu: Set SMP to 4 cpus for arm/x86 only
qemuboot-x86: Switch to IvyBridge and q35 instead of pc
qemu-x86: Add commandline options to improve boot
sstate: Handle manifest 'corruption' issue
lttng-ust: Upgrade 2.12.1 -> 2.12.2
qemu: Upgrade 5.2.0 -> 6.0.0
python3-markupsafe: Upgrade 1.1.1 -> 2.0.0
python3-jinja2: Upgrade 2.11.3 -> 3.0.0
ofono: upgrade 1.31 -> 1.32
libnss-mdns: upgrade 0.14.1 -> 0.15
python3-git: upgrade 3.1.14 -> 3.1.17
bind: upgrade 9.16.13 -> 9.16.15
vala: upgrade 0.52.2 -> 0.52.3
libjpeg-turbo: upgrade 2.0.6 -> 2.1.0
btrfs-tools: upgrade 5.12 -> 5.12.1
python3-hypothesis: upgrade 6.9.1 -> 6.12.0
python3-numpy: upgrade 1.20.2 -> 1.20.3
gtk+3: upgrade 3.24.28 -> 3.24.29
sudo: upgrade 1.9.6p1 -> 1.9.7
stress-ng: upgrade 0.12.06 -> 0.12.08
less: upgrade 581 -> 586
libtirpc: upgrade 1.3.1 -> 1.3.2
libinput: upgrade 1.17.1 -> 1.17.2
zstd: upgrade 1.4.9 -> 1.5.0
hdparm: upgrade 9.61 -> 9.62
libxkbcommon: upgrade 1.2.1 -> 1.3.0
spirv-tools: upgrade 2020.7 -> 2021.1
diffoscope: upgrade 172 -> 175
mpg123: upgrade 1.26.5 -> 1.27.2
sqlite3: upgrade 3.35.3 -> 3.35.5
wayland-protocols: upgrade 1.20 -> 1.21
shaderc: upgrade 2020.5 -> 2021.0
wpebackend-fdo: upgrade 1.8.3 -> 1.8.4
libxcrypt-compat: upgrade 4.4.19 -> 4.4.20
Revert "cml1.bbclass: Return sorted list of cfg files"
bitbake: server/process: Handle error in heartbeat funciton in OOM case
glibc: Add 8GB VM usage cap for usermode test suite
cve-extra-exclusions.inc: add exclusion list for intractable CVE's
rpm: Drop CVE exclusion as database fixed to handle
cve-extra-exclusions: Fix typos
grub: Exclude CVE-2019-14865 from cve-check
cve-extra-exclusions.inc: Clean up merged CPE updates
ltp: Disable problematic tests causing autobuilder hangs
python3-setuptools: upgrade 56.0.0 -> 56.2.0
distro/maintainers: Fix up the ptest image entries
oeqa/runtime/rpm: Drop log message counting test component
linux-firmware: upgrade 20210315 -> 20210511
libxcrypt: Upgrade 4.4.20 -> 4.4.22
iproute2: upgrade 5.11.0 -> 5.12.0
libx11: upgrade 1.7.0 -> 1.7.1
python3-hypothesis: upgrade 6.12.0 -> 6.13.7
pango: upgrade 1.48.4 -> 1.48.5
python3-importlib-metadata: upgrade 4.0.1 -> 4.3.0
libmodulemd: upgrade 2.12.0 -> 2.12.1
vte: upgrade 0.64.0 -> 0.64.1
libinput: upgrade 1.17.2 -> 1.17.3
gi-docgen: upgrade 2021.5 -> 2021.6
kmod: upgrade 28 -> 29
xorgproto: upgrade 2021.4 -> 2021.4.99.1
libpcre2: upgrade 10.36 -> 10.37
libepoxy: upgrade 1.5.5 -> 1.5.8
python3-jinja2: upgrade 3.0.0 -> 3.0.1
curl: upgrade 7.76.1 -> 7.77.0
python3-setuptools: upgrade 56.2.0 -> 57.0.0
oeqa/qemurunner: Improve timeout handling
Richard Weinberger (1):
Add support for erofs filesystems
Robert Joslyn (3):
liberation-fonts: Update to 2.1.4
epiphany: Update to 40.1
btrfs-tools: Update to 5.12
Robert P. J. Day (8):
sdk-manual: couple minor fixes in using.rst
sdk-manual: various cleanups to intro.rst
ref-manual: delete references to dead LSB compliance
ref-manual: delete extraneous back quote
image.bbclass: fix comment "pacackages" -> "packages"
meta/lib/oe/rootfs.py: Fix typo "Restoreing" -> "Restoring"
bitbake.conf: alphabetize contents of ASSUME_PROVIDED
ref-manual: add links to some variables in glossary
Romain Naour (1):
dejagnu: needs expect at runtime
Ross Burton (12):
cairo: backport patch for CVE-2020-35492
libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)
builder: whitelist CVE-2008-4178 (a different builder)
libarchive: disable redundant libxml2 PACKAGECONFIG
meson: update patch status
cups: whitelist CVE-2021-25317
libsolv: add missing db dependency
rpm: turn Berkeley DB hard dependency into PACKAGECONFIG
python3: update status on upstreamed patch
ref-manual: Ubuntu 20.04 is also LTS
package_rpm: pass XZ_THREADS to rpm
gcc: revert libstc++-gdb.py installation changes
Samuli Piippo (3):
gcc-cross-canadian: add symlinks for ld.bfd and ld.gold
libarchive: enable zstd support
cmake-native: enabled zstd support
Stefan Ghinea (1):
boost: fix do_fetch failure
Steve Sakoman (1):
expat: set CVE_PRODUCT
Tony Tascioglu (3):
libxml2: Reformat runtest.patch
libxml2: Add bash dependency for ptests.
libxml2: Update to 2.9.12
Trevor Gamblin (2):
python3: upgrade 3.9.4 -> 3.9.5
bind: upgrade 9.16.15 -> 9.16.16
Ulrich Ölmann (1):
local.conf.sample: fix typo
Vinícius Ossanes Aquino (1):
lttng-modules: backport patches to fix build against 5.12+ kernel
Yann Dirson (1):
linux-firmware: include all relevant files in -bcm4356
hongxu (1):
gdk-pixbuf: fix nativesdk do_configure failed
wangmy (21):
python3-pygments: upgrade 2.8.1 -> 2.9.0
at-spi2-core: upgrade 2.40.0 -> 2.40.1
ell: upgrade 0.39 -> 0.40
kexec-tools: upgrade 2.0.21 -> 2.0.22
go: upgrade 1.16.3 -> 1.16.4
python3-attrs: upgrade 20.3.0 -> 21.2.0
python3-six: upgrade 1.15.0 -> 1.16.0
vulkan-samples: update to latest revision
vulkan-headers: upgrade 1.2.170.0 -> 1.2.176.0
vulkan-tools: upgrade 1.2.170.0 -> 1.2.176.0
vulkan-loader: upgrade 1.2.170.0 -> 1.2.176.0
distcc: upgrade 3.3.5 -> 3.4
libdrm: upgrade 2.4.105 -> 2.4.106
libidn2: upgrade 2.3.0 -> 2.3.1
libtasn1: upgrade 4.16.0 -> 4.17.0
python3-libarchive-c: upgrade 2.9 -> 3.0
python3-markupsafe: upgrade 2.0.0 -> 2.0.1
python3-more-itertools: upgrade 8.7.0 -> 8.8.0
python3-pytest: upgrade 6.2.3 -> 6.2.4
logrotate: upgrade 3.18.0 -> 3.18.1
stress-ng: upgrade 0.12.08 -> 0.12.09
zhengruoqin (10):
busybox: upgrade 1.33.0 -> 1.33.1
rng-tools: upgrade 6.11 -> 6.12
rpcbind: upgrade 1.2.5 -> 1.2.6
sysklogd: upgrade 2.2.2 -> 2.2.3
python3-importlib-metadata: upgrade 3.10.1 -> 4.0.1
python3-sortedcontainers: upgrade 2.3.0 -> 2.4.0
rxvt-unicode: upgrade 9.22 -> 9.26
libedit: upgrade 20210419-3.1 -> 20210522-3.1
libtest-needs-perl: upgrade 0.002006 -> 0.002009
libucontext: upgrade 0.10 -> 1.1
Change-Id: I5e5148036ac2a7918974733e5751c3392139b17e
Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'poky/meta/conf')
-rw-r--r-- | poky/meta/conf/bitbake.conf | 16 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/cve-extra-exclusions.inc | 73 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/maintainers.inc | 12 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/ptest-packagelists.inc | 51 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/tcmode-default.inc | 2 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/yocto-uninative.inc | 8 | ||||
-rw-r--r-- | poky/meta/conf/machine/include/qemuboot-x86.inc | 11 | ||||
-rw-r--r-- | poky/meta/conf/machine/qemuarm.conf | 1 | ||||
-rw-r--r-- | poky/meta/conf/machine/qemuarm64.conf | 1 |
9 files changed, 141 insertions, 34 deletions
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 4fa47d88e..f451ba6a4 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -173,25 +173,25 @@ DATETIME = "${DATE}${TIME}" # python-native should be here but python relies on building # its own in staging ASSUME_PROVIDED = "\ + bash-native \ bzip2-native \ chrpath-native \ + diffstat-native \ file-native \ findutils-native \ gawk-native \ git-native \ grep-native \ - diffstat-native \ - patch-native \ - libgcc-native \ hostperl-runtime-native \ hostpython-runtime-native \ + libgcc-native \ + patch-native \ + sed-native \ tar-native \ - virtual/libintl-native \ - virtual/libiconv-native \ - virtual/crypt-native \ texinfo-native \ - bash-native \ - sed-native \ + virtual/crypt-native \ + virtual/libiconv-native \ + virtual/libintl-native \ wget-native \ " # gzip-native should be listed above? diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc new file mode 100644 index 000000000..cf07acce1 --- /dev/null +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -0,0 +1,73 @@ +# This file contains a list of CVE's where resolution has proven to be impractical +# or there is no reasonable action the Yocto Project can take to resolve the issue. +# It contains all the information we are aware of about an issue and analysis about +# why we believe it can't be fixed/handled. Additional information is welcome through +# patches to the file. +# +# Include this file in your local.conf or distro.conf to exclude these CVE's +# from the cve-check results or add to the bitbake command with: +# -R conf/distro/include/cve-extra-exclusions.inc +# +# The file is not included by default since users should review this data to ensure +# it matches their expectations and usage of the project. +# +# We may also include "in-flight" information about current/ongoing CVE work with +# the aim of sharing that work and ensuring we don't duplicate it. +# + + +# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006 +# CVE is more than 20 years old with no resolution evident +# broken links in CVE database references make resolution impractical +CVE_CHECK_WHITELIST += "CVE-2000-0006" + +# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238 +# The issue here is spoofing of domain names using characters from other character sets. +# There has been much discussion amongst the epiphany and webkit developers and +# whilst there are improvements about how domains are handled and displayed to the user +# there is unlikely ever to be a single fix to webkit or epiphany which addresses this +# problem. Whitelisted as there isn't any mitigation or fix or way to progress this further +# we can seem to take. +CVE_CHECK_WHITELIST += "CVE-2005-0238" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756 +# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server +# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 +# Upstream don't see it as a security issue, ftp servers shouldn't be passing +# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar +CVE_CHECK_WHITELIST += "CVE-2010-4756" + +# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509 +# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511 +# The encoding/xml package in go can potentially be used for security exploits if not used correctly +# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything +# exposing this interface in an exploitable way +CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511" + + + +#### CPE update pending #### + +# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803 +# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7 +# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10. +#CVE_CHECK_WHITELIST += "CVE-2000-0803" + + + +#### Upstream still working on #### + +# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 +# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html +# however qemu maintainers are sure the patch is incorrect and should not be applied. + +# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 +# Upstream bug, still open: https://github.com/westes/flex/issues/414 +# Causes memory exhaustion so potential DoS but no buffer overflow, low priority + +# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 +# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html +# No response upstream as of 2021/5/12 + + + diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 140f7b490..fa7eb9da0 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -111,19 +111,17 @@ RECIPE_MAINTAINER_pn-core-image-minimal-mtdutils = "Richard Purdie <richard.purd RECIPE_MAINTAINER_pn-core-image-tiny-initramfs = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-full-cmdline = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-kernel-dev = "Richard Purdie <richard.purdie@linuxfoundation.org>" +RECIPE_MAINTAINER_pn-core-image-ptest-all = "Richard Purdie <richard.purdie@linuxfoundation.org>" +RECIPE_MAINTAINER_pn-core-image-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato-sdk = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-testmaster-initramfs = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-testmaster = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-clutter = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-weston = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-weston-ptest-all = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-weston-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-weston-sdk = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-x11 = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato-dev = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-sato-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-sato-sdk-ptest = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-coreutils = "Chen Qi <Qi.Chen@windriver.com>" RECIPE_MAINTAINER_pn-cpio = "Denys Dmytriyenko <denis@denix.org>" RECIPE_MAINTAINER_pn-cracklib = "Armin Kuster <akuster808@gmail.com>" @@ -171,6 +169,7 @@ RECIPE_MAINTAINER_pn-ell = "Zang Ruochen <zangrc.fnst@fujitsu.com>" RECIPE_MAINTAINER_pn-enchant2 = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-encodings = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-epiphany = "Alexander Kanavin <alex.kanavin@gmail.com>" +RECIPE_MAINTAINER_pn-erofs-utils = "Richard Weinberger <richard@nod.at>" RECIPE_MAINTAINER_pn-ethtool = "Changhyeok Bae <changhyeok.bae@gmail.com>" RECIPE_MAINTAINER_pn-eudev = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-expat = "Yi Zhao <yi.zhao@windriver.com>" @@ -205,6 +204,7 @@ RECIPE_MAINTAINER_pn-gdk-pixbuf = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-gettext = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-gettext-minimal-native = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-ghostscript = "Hongxu Jia <hongxu.jia@windriver.com>" +RECIPE_MAINTAINER_pn-gi-docgen = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-git = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-glew = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-glib-2.0 = "Anuj Mittal <anuj.mittal@intel.com>" @@ -507,7 +507,6 @@ RECIPE_MAINTAINER_pn-mingetty = "Yi Zhao <yi.zhao@windriver.com>" RECIPE_MAINTAINER_pn-mini-x-session = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-minicom = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-mkfontscale = "Armin Kuster <akuster808@gmail.com>" -RECIPE_MAINTAINER_pn-mklibs-native = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-mmc-utils = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-mobile-broadband-provider-info = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-modutils-initscripts = "Yi Zhao <yi.zhao@windriver.com>" @@ -608,6 +607,7 @@ RECIPE_MAINTAINER_pn-python3-jinja2 = "Richard Purdie <richard.purdie@linuxfound RECIPE_MAINTAINER_pn-python3-libarchive-c = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER_pn-python3-magic = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER_pn-python3-mako = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" +RECIPE_MAINTAINER_pn-python3-markdown = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-python3-markupsafe = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-python3-more-itertools = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-nose = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" @@ -630,11 +630,13 @@ RECIPE_MAINTAINER_pn-python3-scons-native = "Tim Orling <timothy.t.orling@linux. RECIPE_MAINTAINER_pn-python3-setuptools = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-setuptools-scm = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-six = "Zang Ruochen <zangrc.fnst@fujitsu.com>" +RECIPE_MAINTAINER_pn-python3-smartypants = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-python3-smmap = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-sortedcontainers = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-subunit = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-testtools = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-toml = "Tim Orling <timothy.t.orling@linux.intel.com>" +RECIPE_MAINTAINER_pn-python3-typogrify = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-python3-wcwidth = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-zipp = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-qemu = "Richard Purdie <richard.purdie@linuxfoundation.org>" diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index e0a876dbd..aef70343f 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -14,17 +14,21 @@ PTESTS_FAST = "\ diffutils-ptest \ elfutils-ptest \ ethtool-ptest \ + expat-ptest \ flex-ptest \ gawk-ptest \ gdbm-ptest \ gdk-pixbuf-ptest \ gettext-ptest \ + glib-networking-ptest \ gzip-ptest \ json-glib-ptest \ libconvert-asn1-perl-ptest \ liberror-perl-ptest \ + libnl-ptest \ libmodule-build-perl-ptest \ libpcre-ptest \ + libssh2-ptest \ libtimedate-perl-ptest \ libtest-needs-perl-ptest \ liburi-perl-ptest \ @@ -43,6 +47,12 @@ PTESTS_FAST = "\ opkg-ptest \ pango-ptest \ parted-ptest \ + python3-atomicwrites-ptest \ + python3-jinja2-ptest \ + python3-markupsafe-ptest \ + python3-more-itertools-ptest \ + python3-pluggy-ptest \ + python3-wcwidth-ptest \ qemu-ptest \ quilt-ptest \ sed-ptest \ @@ -51,17 +61,7 @@ PTESTS_FAST = "\ zlib-ptest \ " PTESTS_FAST_remove_mips64 = "qemu-ptest" - -#PTESTS_PROBLEMS = "\ -# ruby-ptest \ # Timeout -# clutter-1.0-ptest \ # Doesn't build due to depends on cogl-1.0 -# lz4-ptest \ # Needs a rewrite -# rt-tests-ptest \ # Needs to be checked whether it runs at all -# bash-ptest \ # Test outcomes are non-deterministic by design -# ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py -# mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts -# libinput-ptest \ # Tests need an unloaded system to be reliable -#" +PTESTS_PROBLEMS_append_mips64 = "qemu-ptest" PTESTS_SLOW = "\ babeltrace-ptest \ @@ -85,3 +85,32 @@ PTESTS_SLOW = "\ " PTESTS_SLOW_remove_riscv64 = "valgrind-ptest" +PTESTS_PROBLEMS_append_riscv64 = "valgrind-ptest" + +# ruby-ptest \ # Timeout +# clutter-1.0-ptest \ # Doesn't build due to depends on cogl-1.0 +# lz4-ptest \ # Needs a rewrite +# rt-tests-ptest \ # Needs to be checked whether it runs at all +# bash-ptest \ # Test outcomes are non-deterministic by design +# ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py +# mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts +# libinput-ptest \ # Tests need an unloaded system to be reliable +# libpam-ptest \ # Needs pam DISTRO_FEATURE +# numactl-ptest \ # qemu not (yet) configured for numa; all tests are skipped +# libseccomp-ptest \ # tests failed: 38; add to slow tests once addressed +# python3-numpy-ptest \ # requires even more RAM and (possibly) disk space; multiple failures + +PTESTS_PROBLEMS = "\ + ruby-ptest \ + clutter-1.0-ptest \ + lz4-ptest \ + rt-tests-ptest \ + bash-ptest \ + ifupdown-ptest \ + mdadm-ptest \ + libinput-ptest \ + libpam-ptest \ + libseccomp-ptest \ + numactl-ptest \ + python3-numpy-ptest \ +" diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc index a0c35eed0..c6e5ac61d 100644 --- a/poky/meta/conf/distro/include/tcmode-default.inc +++ b/poky/meta/conf/distro/include/tcmode-default.inc @@ -22,7 +22,7 @@ BINUVERSION ?= "2.36%" GDBVERSION ?= "10.%" GLIBCVERSION ?= "2.33" LINUXLIBCVERSION ?= "5.10%" -QEMUVERSION ?= "5.2%" +QEMUVERSION ?= "6.0%" GOVERSION ?= "1.16%" # This can not use wildcards like 8.0.% since it is also used in mesa to denote # llvm version being used, so always bump it with llvm recipe version bump diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 05b79d14c..740cca0ec 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -8,7 +8,7 @@ UNINATIVE_MAXGLIBCVERSION = "2.33" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.1/" -UNINATIVE_CHECKSUM[aarch64] ?= "7fa12b9fe7a95934cc09beb0e8a25ff97179ef3105116015d32548eadd27b024" -UNINATIVE_CHECKSUM[i686] ?= "bbfcdd48336800b5af97e294918c6586a0a8fa903f127f813b0bd5110de8c55c" -UNINATIVE_CHECKSUM[x86_64] ?= "5d0611df544edff6428cef7d871257a91aa6ba1bd92f5365a2df8deb54b6b31e" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.2/" +UNINATIVE_CHECKSUM[aarch64] ?= "4f0872cdca2775b637a8a99815ca5c8dd42146abe903a24a50ee0448358c764b" +UNINATIVE_CHECKSUM[i686] ?= "e2eeab92e67263db37d9bb6d4c58579abd1f47ff4cded3171bde572fece124b2" +UNINATIVE_CHECKSUM[x86_64] ?= "3ee8c7d55e2d4c7ae3887cddb97219f97b94efddfeee2e24923c0cb0e8ce84c6" diff --git a/poky/meta/conf/machine/include/qemuboot-x86.inc b/poky/meta/conf/machine/include/qemuboot-x86.inc index 2a4760c71..a2dcdc6d5 100644 --- a/poky/meta/conf/machine/include/qemuboot-x86.inc +++ b/poky/meta/conf/machine/include/qemuboot-x86.inc @@ -1,13 +1,14 @@ # For runqemu IMAGE_CLASSES += "qemuboot" -QB_CPU_x86 = "-cpu core2duo" -QB_CPU_KVM_x86 = "-cpu core2duo" +QB_SMP = "-smp 4" +QB_CPU_x86 = "-cpu IvyBridge -machine q35" +QB_CPU_KVM_x86 = "-cpu IvyBridge -machine q35" -QB_CPU_x86-64 = "-cpu core2duo" -QB_CPU_KVM_x86-64 = "-cpu core2duo" +QB_CPU_x86-64 = "-cpu IvyBridge -machine q35" +QB_CPU_KVM_x86-64 = "-cpu IvyBridge -machine q35" QB_AUDIO_DRV = "alsa" QB_AUDIO_OPT = "-soundhw ac97,es1370" -QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1" +QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1 tsc=reliable no_timer_check rcupdate.rcu_expedited=1" QB_OPT_APPEND = "-usb -device usb-tablet" diff --git a/poky/meta/conf/machine/qemuarm.conf b/poky/meta/conf/machine/qemuarm.conf index e5ec4cc06..34fcde698 100644 --- a/poky/meta/conf/machine/qemuarm.conf +++ b/poky/meta/conf/machine/qemuarm.conf @@ -16,6 +16,7 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}" QB_SYSTEM_NAME = "qemu-system-arm" QB_MACHINE = "-machine virt,highmem=off" QB_CPU = "-cpu cortex-a15" +QB_SMP = "-smp 4" # Standard Serial console QB_KERNEL_CMDLINE_APPEND = "vmalloc=256" # For graphics to work we need to define the VGA device as well as the necessary USB devices diff --git a/poky/meta/conf/machine/qemuarm64.conf b/poky/meta/conf/machine/qemuarm64.conf index 51f7ecdcf..150a0744e 100644 --- a/poky/meta/conf/machine/qemuarm64.conf +++ b/poky/meta/conf/machine/qemuarm64.conf @@ -16,6 +16,7 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}" QB_SYSTEM_NAME = "qemu-system-aarch64" QB_MACHINE = "-machine virt" QB_CPU = "-cpu cortex-a57" +QB_SMP = "-smp 4" QB_CPU_KVM = "-cpu host -machine gic-version=3" # For graphics to work we need to define the VGA device as well as the necessary USB devices QB_GRAPHICS = "-device VGA,edid=on" |