diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-12-01 04:58:47 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-12-01 18:27:18 +0300 |
commit | 6ce62a20847b1bd500386c842cf8b801b678bd1c (patch) | |
tree | 69d169c5d109b03251c4300f39cce5a575194e6f /poky/meta/recipes-support/gnutls | |
parent | f31b8bdb5991e0570aeaf04a9bc50f41d55bccbe (diff) | |
download | openbmc-6ce62a20847b1bd500386c842cf8b801b678bd1c.tar.xz |
poky: subtree update:7231c10430..0ac99625bf
Alban Bedel (1):
systemd: Fix systemd when used with busybox less
Alejandro Hernandez Samaniego (3):
poky-tiny: Reduce busybox size by 13%
poky-tiny: Enable size optimization by default
python3: Update manifest
Alexander Kamensky (1):
kexec: arm64: disabled check if kaslr-seed dtb property was wiped
Alexander Kanavin (128):
systemd-boot: upgrade 246.2 -> 246.6
glib-2.0: upgrade 2.64.5 -> 2.66.1
cmake: update 3.18.2 -> 3.18.4
python3-pygobject: upgrade 3.36.1 -> 3.38.0
libdazzle: upgrade 3.36.0 -> 3.38.0
gobject-introspection: upgrade 1.64.1 -> 1.66.1
json-glib: upgrade 1.4.4 -> 1.6.0
ovmf: update edk2-stable202005 -> edk2-stable202008
gnu-config: update to latest revision
file: enable all built-in compression checkers
rpm: update 4.15.1 -> 4.16.0
elfutils: update 0.180 -> 0.181
ghostscript: update 9.52 -> 9.53.3
ltp: update 20200515 -> 20200930
gsettings-desktop-schemas: update 3.36.1 -> 3.38.0
libsecret: update 0.20.3 -> 0.20.4
mesa: update 20.1.8 -> 20.2.1
xf86-video-vesa: update 2.4.0 -> 2.5.0
lttng-modules: update 2.12.2 -> 2.12.3
webkitgtk: update 2.28.4 -> 2.30.1
dos2unix: update 7.4.1 -> 7.4.2
gnutls: update 3.16.4 -> 3.16.5
libcap: update 2.43 -> 2.44
vte: update 0.60.3 -> 0.62.1
libhandy: upgrade 0.0.13 -> 1.0.0
libportal: add a recipe
epiphany: upgrade 3.36.4 -> 3.38.1
gtk-doc: upgrade 1.32 -> 1.33.0
rpm: adjust MIPS64 N32 support
apt: remove host contamination with gtest
opkg-utils: correct priority matching in update-alternatives
libxml2: add a patch to fix python 3.9 support
python: update 3.8.5 -> 3.9.0
glib-2.0: update 2.66.1 -> 2.66.2
json-glib: fix reproducibility
spirv-tools: correctly set PV
spirv-tools: upgrade 2019.5 -> 2020.5
glslang: fix upstream version check
glslang: upgrade 8.13.3559 -> 8.13.3743
glslang: bump to a newer commit
shaderc: upgrade 2019.0 -> 2020.3
vulkan: update 1.2.135 -> 1.2.154
vulkan-samples: replace vulkan-demos
piglit: upgrade to latest revision
acpica: upgrade 20200717 -> 20200925
adwaita-icon-theme: upgrade 3.36.1 -> 3.38.0
at-spi2-atk: upgrade 2.34.2 -> 2.38.0
at-spi2-core: upgrade 2.36.1 -> 2.38.0
bison: upgrade 3.7.2 -> 3.7.3
createrepo-c: upgrade 0.16.0 -> 0.16.1
curl: upgrade 7.72.0 -> 7.73.0
debianutils: upgrade 4.11.1 -> 4.11.2
dhcpcd: upgrade 9.2.0 -> 9.3.1
dmidecode: upgrade 3.2 -> 3.3
dnf: upgrade 4.2.23 -> 4.4.0
ethtool: upgrade 5.8 -> 5.9
expat: upgrade 2.2.9 -> 2.2.10
gcr: upgrade 3.36.0 -> 3.38.0
glib-networking: upgrade 2.64.3 -> 2.66.0
gtk+3: upgrade 3.24.22 -> 3.24.23
help2man: upgrade 1.47.15 -> 1.47.16
i2c-tools: upgrade 4.1 -> 4.2
iw: upgrade 5.8 -> 5.9
kmscube: upgrade to latest revision
less: upgrade 562 -> 563
libdnf: upgrade 0.48.0 -> 0.54.2
libgudev: upgrade 233 -> 234
libinput: upgrade 1.16.1 -> 1.16.2
libuv: upgrade 1.39.0 -> 1.40.0
libva: upgrade 2.8.0 -> 2.9.0
libva-utils: update 2.8.0 -> 2.9.1
libwpe: upgrade 1.7.1 -> 1.8.0
libxkbcommon: upgrade 0.10.0 -> 1.0.1
openssh: upgrade 8.3p1 -> 8.4p1
openssl: upgrade 1.1.1g -> 1.1.1h
strace: upgrade 5.8 -> 5.9
sudo: upgrade 1.9.3 -> 1.9.3p1
vala: upgrade 0.48.9 -> 0.50.1
wpebackend-fdo: upgrade 1.7.1 -> 1.8.0
xkeyboard-config: upgrade 2.30 -> 2.31
u-boot: upgrade 2020.07 -> 2020.10
usbutils: upgrade 012 -> 013
nfs-utils: upgrade 2.5.1 -> 2.5.2
dropbear: upgrade 2020.80 -> 2020.81
btrfs-tools: upgrade 5.7 -> 5.9
git: upgrade 2.28.0 -> 2.29.2
go: upgrade 1.15.2 -> 1.15.3
mtools: upgrade 4.0.24 -> 4.0.25
python3-numpy: upgrade 1.19.1 -> 1.19.3
python3-git: upgrade 3.1.7 -> 3.1.11
python3-pyelftools: upgrade 0.26 -> 0.27
python3-pygments: upgrade 2.6.1 -> 2.7.2
python3-setuptools: upgrade 49.6.0 -> 50.3.2
asciidoc: upgrade 9.0.2 -> 9.0.4
iptables: upgrade 1.8.5 -> 1.8.6
libsolv: upgrade 0.7.14 -> 0.7.16
stress-ng: upgrade 0.11.21 -> 0.11.23
libhandy: upgrade 1.0.0 -> 1.0.1
freetype: upgrade 2.10.2 -> 2.10.4
linux-firmware: upgrade 20200817 -> 20201022
alsa: upgrade 1.2.3 -> 1.2.4
gstreamer1.0: upgrade 1.18.0 -> 1.18.1
x264: upgrade to latest revision
rt-tests/hwlatdetect: upgrade 1.8 -> 1.9
webkitgtk: upgrade 2.30.1 -> 2.30.2
diffoscope: upgrade 160 -> 161
enchant2: upgrade 2.2.9 -> 2.2.12
libassuan: upgrade 2.5.3 -> 2.5.4
libcap-ng: upgrade 0.7.11 -> 0.8
libevdev: upgrade 1.9.1 -> 1.10.0
libgcrypt: upgrade 1.8.6 -> 1.8.7
libmpc: upgrade 1.2.0 -> 1.2.1
libsoup-2.4: upgrade 2.70.0 -> 2.72.0
numactl: upgrade 2.0.13 -> 2.0.14
kea: use odd-even version scheme for updates
mesa: fix a build race
clutter-gst-3.0: do not call out to host gstreamer plugin scanner
conf-notes.txt: mention more important images than just sato
weston-init: correctly start under systemd
weston-init: fall back to fbdev under x32
wayland-utils: introduce a recipe
poky/conf-notes.txt: mention more important images than just sato
python3: split python target configuration into own class
python3-pycairo: use python3targetconfig
distutils3-base.bbclass: use python3targetconfig
meta: drop _PYTHON_SYSCONFIGDATA_NAME hacks
gpgme: use python3targetconfig
bitbake: lib/bb/fetch2/__init__.py: drop _PYTHON_SYSCONFIGDATA_NAME unsetting
Alexander Vickberg (1):
socat: make building with OpenSSL support optional
Alistair (1):
weston-init: Fix incorrect idle-time setting
Andrej Valek (1):
autotools: CONFIG_SHELL defaults
Andrey Zhizhikin (1):
insane: add GitLab /archive/ tests
Anibal Limon (1):
recipes-graphics: libxkbcommon disable build of libxkbregistry
Anuj Mittal (2):
glib-2.0: RDEPEND on dbusmock only when GI_DATA_ENABLED is True
distutils-common-base: fix LINKSHARED expansion
Bruce Ashfield (17):
kernel: provide module.lds for out of tree builds in v5.10+
linux-yocto/5.8: update to v5.8.15
linux-yocto/5.4: update to v5.4.71
linux-yocto/5.8: update to v5.8.16
linux-yocto/5.4: update to v5.4.72
linux-yocto/5.8: update to v5.8.17
linux-yocto/5.4: update to v5.4.73
linux-yocto-dev: move to v5.10-rc
linux-yocto/5.4: config cleanup / warnings
linux-yocto/5.8: config cleanup / warnings
linux-yocto/5.8: update to v5.8.18
linux-yocto/5.4: update to v5.4.75
kernel: relocate copy of module.lds to module compilation task
linux-yocto/5.4: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t
linux-yocto/5.8: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t
linux-yocto/5.8: ext4/tipc warning fixups
linux-yocto/5.4: update to v5.4.78
Chaitanya Vadrevu (1):
isoimage-isohybrid.py: Support adding files/dirs
Changqing Li (2):
timezone: upgrade to 2020d
vulkan-samples: fix do_compile failure
Chee Yang Lee (2):
bluez5: update to 5.55
ruby: update to 2.7.2
Chris Laplante (4):
bitbake: main: extract creation of argument parser into function so it can be utilized externally, e.g. by unit tests
bitbake: bb.ui: delete __init__.py to make bb.ui a namespace package
bitbake: cookerdata: tweak to avoid mutable default argument
cases/bbtests.py: ensure PACKAGE_CLASSES is set to RPM for bbtests.BitbakeTests.test_force_task_1
Dan Callaghan (1):
gdb: add PACKAGECONFIG for xz (lzma) compression support
Denys Dmytriyenko (1):
grep: upgrade 3.4 -> 3.5
Denys Zagorui (1):
binutils: reproducibility: reuse debug-prefix-map for stabs
Federico Pellegrin (1):
openssl: Add c_rehash to misc package and add perl runtime dependency
Fedor Ross (2):
sysvinit: remove bashism to be compatible with dash
eudev: remove bashism to be compatible with dash
Fredrik Gustafsson (1):
package management: Allow dynamic loading of PM
Gratian Crisan (1):
kernel-module-split.bbclass: identify kernel modconf files as configuration files
He Zhe (1):
lttng-modules: Backport a patch to fix btrfs build failure
Hombourger, Cedric (1):
bitbake: fetch2: use relative symlinks for anything pulled from PREMIRRORS
Hongxu Jia (1):
bitbake: Revert "bb.ui: delete __init__.py to make bb.ui a namespace package"
INC@Cisco) (1):
kernel-devsrc: improve reproducibility for arm64
Jason Wessel (2):
base-files/profile: Add universal resize function
systemd-serialgetty: Switch to TERM=linux
Jose Quaresma (31):
spirv-tools: import from meta-oe to OE core
spirv-tools: enable native build and install more header files
glslang: add receipe
shaderc: add receipe
spirv-tools: fix identation and cleanup install append
maintainers.inc: Add Jose Quaresma
gstreamer1.0: Fix reproducibility issue around libcap
gstreamer1.0: upgrade to version 1.18.0
gstreamer1.0-plugins-base: upgrade to version 1.18.0
gstreamer1.0-plugins-base: add new meson option as PACKAGECONFIG
gstreamer1.0-plugins-good: upgrade to version 1.18.0
gstreamer1.0-plugins-good: disable new meson options
gstreamer1.0-plugins-good: add new meson option as PACKAGECONFIG
gstreamer1.0-plugins-bad: upgrade to version 1.18.0
gstreamer1.0-plugins-bad: disable new meson options
gstreamer1.0-plugins-bad: add new meson options as PACKAGECONFIG
gstreamer1.0-plugins-ugly: upgrade to version 1.18.0
gstreamer1.0-python: upgrade to version 1.18.0
gstreamer1.0-python: install append is not need any more
gstreamer1.0-rtsp-server: upgrade to version 1.18.0
gstreamer1.0-vaapi: upgrade to version 1.18.0
gst-examples: upgrade to version 1.18.0
gstreamer1.0-omx: upgrade to version 1.18.0
gstreamer1.0-libav: upgrade to version 1.18.0
gst-devtools: add version 1.18.0 (gst-validate -> gst-devtools)
orc: Upgrade 0.4.31 -> 0.4.32
gstreamer1.0-plugins-good: on wayland qt5 needs qtwayland
gstreamer1.0-libav: add comercial license flags as ffmpeg needs this
gstreamer1.0-plugins-bad: add srt package config knob
ffmpeg: add srt package config knob
gstreamer1.0-plugins-good: add package config knob for the Raspberry Pi
Joseph Reynolds (1):
add new extrausers command passwd-expire
Joshua Watt (8):
documentation: Add Pipenv support
systemd: Re-enable chvt as non-root user without polkit
python3-pycryptodomex: upgrade 3.9.8 -> 3.9.9
weston-init: Stop running weston as root
python3-pycryptodome: upgrade 3.9.8 -> 3.9.9
bitbake: bitbake: hashserve: Add async client
bitbake: bitbake: hashserve: Add support for readonly upstream
bitbake: bitbake: cache: Remove bad keys() function
Kai Kang (1):
sudo: fix multilib conflict
Khasim Mohammed (1):
grub: add grub-nativesdk
Khem Raj (34):
webkitgtk: Disable gold linker and JIT on riscv
init-ifupdown: Define interfaces file for riscv emulators
init-ifupdown: Merge all interface files for differnet qemus
musl: Update to latest master
qemuboot.bbclass: Fix a typo
musl: Add .file directive in crt assembly files
musl: Update to latest
rpm: Fix error.h handing properly on musl
gdb: Update to 10.x release
numactl: Link with libatomic on rv64/rv32
gstreamer: Fix build on 32bit arches with 64bit time_t
rt-tests: Enable only for x86/ppc64 architectures
lto: Add global LTO distro policy file
python3: Enable lto if its in DISTRO_FEATURES
lto.inc: Add -ffat-lto-objects and -fuse-linker-plugin
lto: Introduce LTOEXTRA variable
libaio: Disable LTO
weston: Fix linking with LTO
lto.inc: Disable LTO for xserver-xorg
gcc: Do no parameterize LTO configuration flags
puzzles: Check for excessive constant arguments
lto.inc: Disable LTO for perf
gcc: Handle duplicate names for variables
musl: Update to latest master
lrzsz: Use Cross AR during compile
gawk: Avoid using host ar during cross compile
lto.inc: Disable LTO for webkit
python-numpy: Add support for riscv32
arch-riscv: Enable qemu-usermode on rv32
python3targetconfig.bbclass: Make py3 dep and tasks only for target recipes
go: Update to 1.15.5
binutils: Fix linker errors on chromium/ffmpeg on aarch64
python3-numpy: Upgrade to 1.19.4
python3-numpy: Add ptest
Konrad Weihmann (3):
oeqa/core/context: expose results as variable
oeqa/core/context: initialize _run_end_time
testimage: print results for interrupted runs
Lee Chee Yang (5):
bitbake: BBHandler: prompt error when task name contain expression
libproxy: fix CVE-2020-26154
python3: fix CVE-2020-27619
python3: whitelist CVE-2020-15523
qemu: fix CVE-2020-24352
Loic Domaigne (1):
roofs_*.bbclass: fix missing vardeps for do_rootfs
Luca Boccassi (1):
dbus: split -common and -tools out of main package
Mark Jonas (4):
libsdl2: Fix directfb syntax error
libsdl2: Fix directfb SDL_RenderFillRect
libbsd: Remove BSD-4-Clause from main package
libsdl2: Add directfb to PACKAGECONFIG rdepends
Martin Jansa (5):
tune-arm9tdmi.inc: include arm9tdmi in PACKAGE_ARCHS
gnutls: explicitly set --with-librt-prefix
webkitgtk: fix opengl PACKAGECONFIG
webkitgtk: fix build with x11 enabled
weston: add pam to REQUIRED_DISTRO_FEATURES
Matt Madison (1):
layer.conf: fix syntax error in PATH setting
Max Krummenacher (1):
linux-firmware: rdepend on license for all nvidia packages
Maxime Roussin-BĂ©langer (3):
meta: fix some unresponsive homepages and bugtracker links
bitbake: cache: remove unused variables.
bitbake: monitordisk: remove unused function parameter
Mert Kirpici (2):
bitbake: fetch2: add zstd support to unpack
bitbake: doc/conf.py: add missing import sys
Mingli Yu (2):
bitbake.conf: Exclude ${CCACHE_DIR} from pseudo database
update_udev_hwdb: clean hwdb.bin
Nathan Rossi (4):
vim: add nativesdk to BBCLASSEXTEND
rsync: add nativesdk to BBCLASSEXTEND
diffstat: add nativesdk to BBCLASSEXTEND
cml1.bbclass: Handle ncurses-native being available via pkg-config
Nicolas Dechesne (17):
conf: update for release 3.2
poky.yaml: remove unused variables
poky.yaml: updates for 3.2
sphinx: releases: add link to 3.1.3
what-i-wish-id-known: replace labels with references to section title
sdk-manual: replace labels with references to section title
ref-manual: replace labels with references to section title
dev-manual: replace labels with references to section title
kernel-dev: replace labels with references to section title
test-manual: remove unused labels
bsp-guide: remove unused labels
kernel-dev: remove unused labels
profile-manual: remove unused labels
sdk-manual: remove unused labels
toaster-manual: remove unused labels
Makefile: enable parallel build
bitbake: docs: Makefile: enable parallel build
Norbert Kaminski (1):
grub: Add support for RISC-V
Paul Barker (11):
conf.py: Improve TOC and Outline depth in PDF output
conf.py: Add oe_git directive
documentation/README: Refer to top-level README for contributions
dev-manual-common-tasks: Fix refs to testing branches
dev-manual-common-tasks: Update & move patchwork reference
dev-manual-common-tasks: Tidy up patch submission process
dev-manual-common-tasks: Describe git-send-email accurately
dev-manual-common-tasks: Describe how to handle patch feedback
dev-manual-common-tasks: Describe how to propose changes to stable branches
dev-manual-common-tasks: Re-order patch submission instructions
poky.yaml: Define DISTRO_NAME_NO_CAP_LTS
Paul Eggleton (10):
ref-manual: add reference anchors for each QA check
ref-manual: fix for features_check class change
ref-manual: QA check updates
ref-manual: add PSEUDO_IGNORE_PATHS
ref-manual: add IMAGE_VERSION_SUFFIX variable
ref-manual: add IMAGE_NAME_SUFFIX variable
ref-manual: add migration section for 3.2
ref-manual: add IMAGE_LINK_NAME
ref-manual: add migration info for image-artifact-names
ref-manual: add migration info about MLPREFIX changes
Peter Bergin (2):
rt-tests: backport patch that enable build for all archs
Revert "rt-tests: Enable only for x86/ppc64 architectures"
Purushottam choudhary (1):
systemd: selinux hook handling to enumerate nexthop
Randy MacLeod (1):
libsdl2: Disable video-rpi
Randy Witt (4):
numactl: Add the recipe for numactl
numactl: Remove COMPATIBLE_HOST restrictions
numactl: Skip the ptests when numa is not supported
rt-tests: Update recipes to use 1.8
Ricardo Salveti (1):
dosfstools: add mkfs.vfat to ALTERNATIVE
Richard Leitner (4):
deb: replace deprecated apt force-yes argument
xcb-proto: update to 1.14.1
deb: export INTERCEPT_DIR for remove actions
weston-init: introduce WESTON_GROUP
Richard Purdie (21):
ref-manual/faq: Add entry for why binaries are changed in images
dev-manual: Add a note about prelink changing prebuild binaries
sstatesig: Log timestamps for hashequiv in reprodubile builds for do_package
netbase: Add whitespace to purge bogus hash equivalence from autobuilder
scripts/buildhistory_analysis: Avoid tracebacks from file comparision code
maintainers: Add myself as numactl maintainer to avoid QA errors
bitbake: bitbake: Post release version bump
poky.conf: Post release version bump
libxcb: Fix install file owner/group
bitbake: siggen: Remove broken optimisation
bitbake: fetch2/git: Document that we won't support passwords in git urls
sstatesig: Remove workaround for bitbake taskhash bug
ptest-runner: Fix license as it contains 'or later' clause
libdnf: Fix license as it contains 'or later' clause
alsa-utils: Fix license to GPLv2 only
overview-manual-concepts: Fix the compiler bootstrap process
bitbake: Add missing documentation Makefile
oeqa/commands: Fix compatibility with python 3.9
fs-perms: Ensure /usr/src/debug/ file modes are correct
e2fsprogs: Fix a ptest permissions determinism issue
uninative: Don't use single sstate for pseudo-native
Robert P. J. Day (3):
ref-manual/ref-variables: "PACKAGE_FEEDS_ARCHS" -> "PACKAGE_FEED_ARCHS"
README: "yocto-project-qs" -> "brief-yoctoprojectqs"
adt-manual: delete obsolete ADT manual, and related content
Ross Burton (13):
rpm: use libgcrypt instead of OpenSSL for cryptography
syslinux: add link to upstream discussion in patch
json-glib: use PACKAGECONFIG for tests
json-glib: update patch status
libical: backport a patch to fix build with ICU 68.1
webkitgtk: fix build with ICU 68.1
cve-check: show real PN/PV
python3: add CVE-2007-4559 to whitelist
sqlite3: add CVE-2015-3717 to whitelist
gstreamer1.0-rtsp-server: set CVE_PRODUCT
gstreamer1.0-plugins-base: set CVE_PRODUCT
bitbake: providers: selected version not available should be a warning
cve-update-db-native: handle all-wildcard versions
Saul Wold (1):
classes/buildhistory: record LICENSE
Sinan Kaya (2):
volatile-binds: add /srv to mount and install
kernel-uboot: allow compression option to be configurable
Stacy Gaikovaia (1):
valgrind: helgrind: Intercept libc functions
Steve Sakoman (3):
netbase: update SRC_URI to reflect new file name
openssh: whitelist CVE-2014-9278
cups: whitelist CVE-2018-6553
Tim Orling (22):
python3-atomicwrites: move from meta-python
python3-attrs: move from meta-python
python3-iniconfig: move from meta-python
python3-more-itertools: move from meta-python
python3-pathlib2: move from meta-python
python3-toml: move from meta-python
python3-py: move from meta-python
python3-setuptools-scm: move from meta-python
python3-packaging: move from meta-python
python3-wcwidth: move from meta-python
python3-zipp: move from meta-python
python3-importlib-metadata: move from meta-python
python3-pluggy: move from meta-python
python3-pytest: move from meta-python
maintainers.inc: add self for new pytest packages
python3-more-itertools: upgrade 8.5.0 -> 8.6.0
python3-importlib-metadata: upgrade 2.0.0 to 3.1.0
python3-pytest: RDEPENDS on python3-toml
python3-hypothesis: move from meta-python
python3-sortedcontainers: move from meta-python
maintainers.inc: add self for new python recipes
python3-hypothesis: upgrade 5.41.3 -> 5.41.4
Tom Hochstein (1):
mesa: Add xcb-fixes to loader when using x11 and dri3
Vyacheslav Yurkov (1):
license_image.bbclass: use canonical name for license files
Wonmin Jung (1):
kernel: Set proper LD in KERNEL_KCONFIG_COMMAND
Yann Dirson (6):
systemtap: split examples and python scripts out of main package
systemtap: remove extra dependencies
systemtap: clarify the relation between exporter and python3-probes feature
systemtap: fix install when python3-probes is disabled in PACKAGECONFIG
systemtap: split runtime material in its own package
systemtap: avoid RDEPENDS on python3-core when not using python3
Yann E. MORIN (2):
common-licenses: add bzip2-1.0.4
recipes-core/busybox: fixup licensing information
Yi Zhao (5):
resolvconf: do not install dhclient hooks
connman: set service to conflict with systemd-networkd
pulseaudio: unify volatiles file name
dhcpcd: install dhcpcd to /sbin rather than /usr/sbin
dhcpcd: upgrade 9.3.1 -> 9.3.2
Yongxin Liu (2):
grub: fix several CVEs in grub 2.04
grub: clean up CVE patches
zangrc (18):
python3-pycairo: upgrade 1.19.1 -> 1.20.0
iproute2: upgrade 5.8.0 -> 5.9.0
icu: upgrade 67.1 -> 68.1
libdnf: upgrade 0.54.2 -> 0.55.0
libinput: upgrade 1.16.2 -> 1.16.3
enchant2: upgrade 2.2.12 -> 2.2.13
libdrm: upgrade 2.4.102 -> 2.4.103
gmp: upgrade 6.2.0 -> 6.2.1
gpgme: upgrade 1.14.0 -> 1.15.0
libunwind: upgrade 1.4.0 -> 1.5.0
msmtp: upgrade 1.8.12 -> 1.8.13
gtk-doc: upgrade 1.33.0 -> 1.33.1
hdparm: upgrade 9.58 -> 9.60
libcap-ng: upgrade 0.8 -> 0.8.1
libjpeg-turbo: upgrade 2.0.5 -> 2.0.6
libxkbcommon: upgrade 1.0.1 -> 1.0.3
pulseaudio: upgrade 13.0 -> 14.0
wireless-regdb: upgrade 2020.04.29 -> 2020.11.20
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I22fa6c7160be5ff2105113cc63acc25f8977ae4e
Diffstat (limited to 'poky/meta/recipes-support/gnutls')
-rw-r--r-- | poky/meta/recipes-support/gnutls/gnutls/0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch | 90 | ||||
-rw-r--r-- | poky/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch | 117 | ||||
-rw-r--r-- | poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb (renamed from poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb) | 7 |
3 files changed, 3 insertions, 211 deletions
diff --git a/poky/meta/recipes-support/gnutls/gnutls/0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch b/poky/meta/recipes-support/gnutls/gnutls/0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch deleted file mode 100644 index a610abf9b..000000000 --- a/poky/meta/recipes-support/gnutls/gnutls/0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch +++ /dev/null @@ -1,90 +0,0 @@ -From c0ae3f659c6c130d151378ba4d7d861e3b7b970f Mon Sep 17 00:00:00 2001 -From: Lei Maohui <leimaohui@cn.fujitsu.com> -Date: Wed, 8 Jul 2020 14:50:27 +0900 -Subject: [PATCH] Modied the license to GPLv2.1+ to keep with LICENSE file. - -Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> -Please reference to https://gitlab.com/gnutls/gnutls/-/issues/1018. -Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/merge_requests/1285]. ---- - lib/x509/krb5.c | 20 +++++++++++--------- - lib/x509/krb5.h | 20 +++++++++++--------- - 2 files changed, 22 insertions(+), 18 deletions(-) - -diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c -index 7fe84e6..d68c737 100644 ---- a/lib/x509/krb5.c -+++ b/lib/x509/krb5.c -@@ -1,21 +1,23 @@ - /* - * Copyright (C) 2015 Red Hat, Inc. - * -+ * Author: Nikos Mavrogiannopoulos -+ * - * This file is part of GnuTLS. - * -- * GnuTLS is free software: you can redistribute it and/or modify it -- * under the terms of the GNU General Public License as published by -- * the Free Software Foundation, either version 3 of the License, or -- * (at your option) any later version. -+ * The GnuTLS is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public License -+ * as published by the Free Software Foundation; either version 2.1 of -+ * the License, or (at your option) any later version. - * -- * GnuTLS is distributed in the hope that it will be useful, but -+ * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * General Public License for more details. -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this program. If not, see <https://www.gnu.org/licenses/> - * -- * You should have received a copy of the GNU General Public License -- * along with this program. If not, see -- * <https://www.gnu.org/licenses/>. - */ - - #include <config.h> -diff --git a/lib/x509/krb5.h b/lib/x509/krb5.h -index d8926af..815bb28 100644 ---- a/lib/x509/krb5.h -+++ b/lib/x509/krb5.h -@@ -1,21 +1,23 @@ - /* - * Copyright (C) 2015 Red Hat, Inc. - * -+ * Author: Nikos Mavrogiannopoulos -+ * - * This file is part of GnuTLS. - * -- * GnuTLS is free software: you can redistribute it and/or modify it -- * under the terms of the GNU General Public License as published by -- * the Free Software Foundation, either version 3 of the License, or -- * (at your option) any later version. -+ * The GnuTLS is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public License -+ * as published by the Free Software Foundation; either version 2.1 of -+ * the License, or (at your option) any later version. - * -- * GnuTLS is distributed in the hope that it will be useful, but -+ * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * General Public License for more details. -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this program. If not, see <https://www.gnu.org/licenses/> - * -- * You should have received a copy of the GNU General Public License -- * along with this program. If not, see -- * <https://www.gnu.org/licenses/>. - */ - - #ifndef GNUTLS_LIB_X509_KRB5_H --- -2.17.1 - diff --git a/poky/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch b/poky/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch deleted file mode 100644 index 1702325e6..000000000 --- a/poky/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001 -From: Daiki Ueno <ueno@gnu.org> -Date: Sat, 22 Aug 2020 17:19:39 +0200 -Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is - incomplete - -If the initial handshake is incomplete and the server sends a -no_renegotiation alert, the client should treat it as a fatal error -even if its level is warning. Otherwise the same handshake -state (e.g., DHE parameters) are reused in the next gnutls_handshake -call, if it is called in the loop idiom: - - do { - ret = gnutls_handshake(session); - } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - -Signed-off-by: Daiki Ueno <ueno@gnu.org> -CVE: CVE-2020-24659 -Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls.git] -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - lib/gnutls_int.h | 1 + - lib/handshake.c | 48 +++++++++++++----- - 2 files changed, 36 insertions(+), 13 deletions(-) - -diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h -index bb6c19713..31cec5c0c 100644 ---- a/lib/gnutls_int.h -+++ b/lib/gnutls_int.h -@@ -1370,6 +1370,7 @@ typedef struct { - #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */ - #define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */ - #define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */ -+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */ - - /* The hsk_flags are for use within the ongoing handshake; - * they are reset to zero prior to handshake start by gnutls_handshake. */ -diff --git a/lib/handshake.c b/lib/handshake.c -index b40f84b3d..ce2d160e2 100644 ---- a/lib/handshake.c -+++ b/lib/handshake.c -@@ -2051,6 +2051,8 @@ read_server_hello(gnutls_session_t session, - if (ret < 0) - return gnutls_assert_val(ret); - -+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED; -+ - return 0; - } - -@@ -2575,16 +2577,42 @@ int gnutls_rehandshake(gnutls_session_t session) - return 0; - } - -+/* This function checks whether the error code should be treated fatal -+ * or not, and also does the necessary state transition. In -+ * particular, in the case of a rehandshake abort it resets the -+ * handshake's internal state. -+ */ - inline static int - _gnutls_abort_handshake(gnutls_session_t session, int ret) - { -- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) && -- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION)) -- || ret == GNUTLS_E_GOT_APPLICATION_DATA) -- return 0; -+ switch (ret) { -+ case GNUTLS_E_WARNING_ALERT_RECEIVED: -+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) { -+ /* The server always toleretes a "no_renegotiation" alert. */ -+ if (session->security_parameters.entity == GNUTLS_SERVER) { -+ STATE = STATE0; -+ return ret; -+ } -+ -+ /* The client should tolerete a "no_renegotiation" alert only if: -+ * - the initial handshake has completed, or -+ * - a Server Hello is not yet received -+ */ -+ if (session->internals.initial_negotiation_completed || -+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) { -+ STATE = STATE0; -+ return ret; -+ } - -- /* this doesn't matter */ -- return GNUTLS_E_INTERNAL_ERROR; -+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); -+ } -+ return ret; -+ case GNUTLS_E_GOT_APPLICATION_DATA: -+ STATE = STATE0; -+ return ret; -+ default: -+ return ret; -+ } - } - - -@@ -2747,13 +2774,7 @@ int gnutls_handshake(gnutls_session_t session) - } - - if (ret < 0) { -- /* In the case of a rehandshake abort -- * we should reset the handshake's internal state. -- */ -- if (_gnutls_abort_handshake(session, ret) == 0) -- STATE = STATE0; -- -- return ret; -+ return _gnutls_abort_handshake(session, ret); - } - - /* clear handshake buffer */ --- -2.17.0 - diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb index 51578b4b3..b936db50d 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.6.14.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb @@ -19,11 +19,9 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ - file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \ - file://CVE-2020-24659.patch \ -" + " -SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63" +SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc @@ -45,6 +43,7 @@ EXTRA_OECONF = " \ --enable-local-libopts \ --enable-openssl-compatibility \ --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ " |