diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-10-03 17:44:52 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2023-10-03 18:04:36 +0300 |
| commit | 1e488cdf844bf4aa82d3c90875a56fb35c7f210d (patch) | |
| tree | be163d890651760d24effea503cd567df3e119b5 /poky/documentation/sdk-manual/extensible.rst | |
| parent | 4f6b1c0dcf9f9cb734f71b277af913e0d58c503f (diff) | |
| download | openbmc-1e488cdf844bf4aa82d3c90875a56fb35c7f210d.tar.xz | |
subtree updates oct 3 2023mickledore
poky: fc25449687..a61e021c65:
Alberto Planas (1):
bitbake.conf: add unzstd in HOSTTOOLS
Alejandro Hernandez Samaniego (2):
baremetal-helloworld: Update SRCREV to fix entry addresses for ARM architectures
baremetal-helloworld: Fix race condition
Alex Kiernan (2):
rootfs: Add debugfs package db file copy and cleanup
rpm: Pick debugfs package db files/dirs explicitly
Alexander Kanavin (35):
maintaines.inc: unassign Richard Weinberger from erofs-utils entry
maintainers.inc: unassign Andreas Müller from itstool entry
maintainers.inc: unassign Pascal Bach from cmake entry
maintainers.inc: correct unassigned entries
maintainers.inc: correct Carlos Rafael Giani's email address
apr: upgrade 1.7.3 -> 1.7.4
scripts/runqemu: split lock dir creation into a reusable function
scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes
qemu: a pending patch was submitted and accepted upstream
maintainers.inc: unassign Adrian Bunk from wireless-regdb
maintainers.inc: unassign Alistair Francis from opensbi
maintainers.inc: unassign Chase Qi from libc-test
maintainers.inc: unassign Oleksandr Kravchuk from python3 and all other items
maintainers.inc: unassign Ricardo Neri from ovmf
grub: submit determinism.patch upstream
gawk: upgrade 5.2.1 -> 5.2.2
gnupg: upgrade 2.4.0 -> 2.4.2
libx11: upgrade 1.8.4 -> 1.8.5
linux-firmware: upgrade 20230404 -> 20230515
serf: upgrade 1.3.9 -> 1.3.10
wget: upgrade 1.21.3 -> 1.21.4
wireless-regdb: upgrade 2023.02.13 -> 2023.05.03
gdb: upgrade 13.1 -> 13.2
sysfsutils: fetch a supported fork from github
diffutils: update 3.9 -> 3.10
libproxy: fetch from git
cargo.bbclass: set up cargo environment in common do_compile
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"
ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE
glibc-locale: use stricter matching for metapackages' runtime dependencies
devtool/upgrade: raise an error if extracting source produces more than one directory
curl: ensure all ptest failures are caught
python3: upgrade 3.11.2 -> 3.11.3
python3: update 3.11.3 -> 3.11.4
Alexis Lothoré (2):
scripts/resulttool: add mention about new detected tests
oeqa/utils/gitarchive: fix tag computation when creating archive
Andrej Valek (2):
busybox: 1.36.0 -> 1.36.1
maintainers.inc: Modify email address
Anuj Mittal (7):
gstreamer1.0: upgrade 1.22.2 -> 1.22.3
selftest/cases/glibc.py: fix the override syntax
glibc/check-test-wrapper: don't emit warnings from ssh
selftest/cases/glibc.py: increase the memory for testing
oeqa/utils/nfs: allow requesting non-udp ports
selftest/cases/glibc.py: switch to using NFS over TCP
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
Archana Polampalli (3):
qemu: fix CVE-2023-0330
bind: upgrade 9.18.15 -> 9.18.16
vim: upgrade 9.0.1592 -> 9.0.1664
BELOUARGA Mohamed (2):
meta: lib: oe: npm_registry: Add more safe caracters
linux-firmware : Add firmware of RTL8822 serie
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Bruce Ashfield (33):
linux-yocto/6.1: update to v6.1.26
linux-yocto/6.1: update to v6.1.27
linux-yocto/6.1: update to v6.1.28
linux-yocto/6.1: update to v6.1.29
linux-yocto/6.1: update to v6.1.30
linux-yocto/6.1: update to v6.1.31
linux-yocto/6.1: update to v6.1.32
linux-yocto/5.15: update to v5.15.114
linux-yocto/5.15: update to v5.15.115
linux-yocto/5.15: update to v5.15.116
linux-yocto/5.15: update to v5.15.117
linux-yocto/5.15: update to v5.15.118
linux-yocto/5.15: cfg: fix DECNET configuration warning
linux-yocto/6.1: update to v6.1.33
linux-yocto/6.1: fix intermittent x86 boot hangs
linux-yocto/6.1: update to v6.1.34
linux-yocto/6.1: update to v6.1.35
linux-yocto/5.15: update to v5.15.119
linux-yocto/5.15: update to v5.15.120
linux-yocto/6.1: update to v6.1.36
linux-yocto/6.1: update to v6.1.37
linux-yocto/6.1: update to v6.1.38
linux-yocto/5.15: update to v5.15.122
linux-yocto/5.15: update to v5.15.123
linux-yocto/5.15: update to v5.15.124
linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.1: update to v6.1.41
linux-yocto/6.1: update to v6.1.43
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.1: update to v6.1.45
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
Changqing Li (4):
systemd: fix a dead link under /var/log
dnf: only write the log lock to root for native dnf
rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
erofs-utils: fix CVE-2023-33551/CVE-2023-33552
Charlie Wu (1):
devtool: Fix the wrong variable in srcuri_entry
Chee Yang Lee (6):
python3-requests: fix CVE-2023-32681
curl: fix CVE-2023-32001
ghostscript: fix CVE-2023-38559
librsvg: upgrade to 2.54.6
libssh2: fix CVE-2020-22218
python3: update to 3.11.5
Chen Qi (13):
cmake.bbclass: do not search host paths for find_program()
qemurunner.py: fix error message about qmp
sdk.py: error out when moving file fails
sdk.py: fix moving dnf contents
rpm: write macros under libdir
zip: fix configure check by using _Static_assert
zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS
unzip: fix configure check for cross compilation
unzip: remove hardcoded LARGE_FILE_SUPPORT
ncurses: fix CVE-2023-29491
cmake.bbclass: fix allarch override syntax
multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
Deepthi Hemraj (2):
glibc: stable 2.37 branch updates.
binutils: stable 2.40 branch updates
Denys Dmytriyenko (1):
binutils: move packaging of gprofng static lib into common .inc
Dmitry Baryshkov (3):
openssl: fix building on riscv32
linux-firmware: package firmare for Dragonboard 410c
linux-firmware: split platform-specific Adreno shaders to separate packages
Ed Beroset (1):
ref-manual: add clarification for SRCREV
Enrico Scholz (1):
shadow-sysroot: add license information
Etienne Cordonnier (2):
libxcrypt: fix hard-coded ".so" extension
vim: update obsolete comment
Fabien Mahot (2):
useradd-example: package typo correction
oeqa/selftest/bbtests: add non-existent prefile/postfile tests
Frieder Paape (1):
image_types: Fix reproducible builds for initramfs and UKI img
Frieder Schrempf (1):
psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox
Hannu Lounento (1):
profile-manual: fix blktrace remote usage instructions
Ian Ray (1):
systemd-systemctl: support instance expansion in WantedBy
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jermain Horsman (1):
logrotate: Do not create logrotate.status file
Joe Slater (1):
ghostscript: fix CVE-2023-36664
Joel Stanley (1):
kernel: don't fail if Modules.symvers doesn't exist
Jose Quaresma (8):
kernel: config modules directories are handled by kernel-module-split
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: use context manager to open files
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split add systemd modulesloaddir and modprobedir config
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
go: update 1.20.5 -> 1.20.6
Julien Stephan (1):
automake: fix buildtest patch
Jörg Sommer (2):
runqemu-gen-tapdevs: Refactoring
runqemu-ifupdown/get-tapdevs: Add support for ip tuntap
Kai Kang (4):
pm-utils: fix multilib conflictions
webkitgtk: 2.38.5 -> 2.38.6
webkitgtk: fix CVE-2023-32439
webkitgtk: fix CVE-2023-32435
Khem Raj (10):
systemd: Drop a backport
perf: Make built-in libtraceevent plugins cohabit with external libtraceevent
glibc: Pass linker choice via compiler flags
babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature
parted: Add missing libuuid to linker cmdline for libparted-fs-resize.so
rpcsvc-proto: Upgrade to 1.4.4
libxml2: Do not use lld linker when building with tests on rv64
python3-bcrypt: Use BFD linker when building tests
meson.bbclass: Point to llvm-config from native sysroot
build-sysroots: Add SUMMARY field
Lee Chee Yang (7):
migration-guides: add release notes for 4.0.10
migration-guides: add release notes for 4.0.11
migration-guides: add release notes for 4.2.2
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
bind: update to 9.18.19
ffmpeg: 5.1.2 -> 5.1.3
Marc Ferland (1):
connman: fix warning by specifying runstatedir at configure time
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Mark Hatle (1):
tcf-agent: Update to 1.8.0 release
Markus Niebel (1):
wic: fix wrong attempt to create file system in upartitioned regions
Markus Volk (3):
ell: upgrade 0.56 -> 0.57
gtk4: upgrade 4.10.3 -> 4.10.4
gtk4: upgrade 4.10.4 -> 4.10.5
Martin Jansa (8):
libx11: remove unused patch and FILESEXTRAPATHS
qemu: remove unused qemu-7.0.0-glibc-2.36.patch
minicom: remove unused patch files
inetutils: remove unused patch files
libgloss: remove unused patch file
kmod: remove unused ptest.patch
tcl: prevent installing another copy of tzdata
gcc: backport a fix for ICE caused by CVE-2023-4039.patch
Michael Halstead (4):
resulttool/resultutils: allow index generation despite corrupt json
yocto-uninative: Update hashes for uninative 4.1
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (13):
ref-manual: releases.svg: updates
conf.py: add macro for Mitre CVE links
ref-manual: LTS releases now supported for 4 years
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
scripts/create-pull-request: update URLs to git repositories
ref-manual: system-requirements: update supported distros
manuals: add new contributor guide
dev-manual: disk-space: mention faster "find" command to trim sstate cache
sdk-manual: extensible.rst: fix multiple formatting issues
dev-manual: disk-space: improve wording for obsolete sstate cache files
dev-manual: new-recipe.rst fix inconsistency with contributor guide
contributor-guide: recipe-style-guide: add Upstream-Status
dev-manual: licenses: mention SPDX for license compliance
Mikko Rapeli (1):
useradd-staticids.bbclass: improve error message
Mingli Yu (5):
curl: fix CVE-2023-28319 through CVE-2023-28322
python3-numpy: remove NPY_INLINE, use inline instead
acpica: Update SRC_URI
cups: Fix CVE-2023-34241
ruby: Fix CVE-2023-36617
Narpat Mali (5):
python3-certifi: upgrade 2022.12.7 -> 2023.7.22
ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018
python3-git: upgrade 3.1.31 -> 3.1.32
python3-pygments: fix for CVE-2022-40896
python3-git: upgrade 3.1.32 -> 3.1.37
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-2731
Oleksandr Hnatiuk (2):
file: return wrapper to fix builds when file is in buildtools-tarball
file: fix the way path is written to environment-setup.d
Ovidiu Panait (7):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
mdadm: re-add mdadm-ptest to PTESTS_SLOW
mdadm: add util-linux-blockdev ptest dependency
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Peter Marko (7):
cve-update-nvd2-native: fix cvssV3 metrics
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: increase retry count
libjpeg-turbo: patch CVE-2023-2804
python3: ignore CVE-2023-36632
libarchive: ignore CVE-2023-30571
openssl: Upgrade 3.1.1 -> 3.1.2
Peter Suti (1):
externalsrc: fix dependency chain issues
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Quentin Schulz (3):
docs: bsp-guide: bsp: fix typo
docs: ref-manual: terms: fix typos in SPDX term
uboot-extlinux-config.bbclass: fix old override syntax in comment
Randolph Sapp (6):
weston-init: make sure the render group exists
weston-init: add weston user to the render group
weston-init: add the weston user to the wayland group
weston-init: fix the mixed indentation
weston-init: guard against systemd configs
weston-init: add profile to point users to global socket
Richard Purdie (24):
selftest/license: Exclude from world
layer.conf: Add missing dependency exclusion
v86d: Improve kernel dependency
strace: Disable failing test
bitbake: runqueue: Fix deferred task/multiconfig race issue
strace: Merge two similar patches
strace: Update patches/tests with upstream fixes
ptest-runner: Pull in sync fix to improve log warnings
ptest-runner: Ensure data writes don't race
ptest-runner: Pull in "runner: Remove threads and mutexes" fix
gcc-testsuite: Fix ppc cpu specification
ptest-runner: Pull in parallel test fixes and output handling
glibc-testsuite: Fix network restrictions causing test failures
oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
oeqa/runtime/ltp: Increase ltp test output timeout
ltp: Add kernel loopback module dependency
target/ssh: Ensure exit code set for commands
oeqa/ssh: Further improve process exit handling
pseudo: Fix to work with glibc 2.38
lib/package_manager: Improve repo artefact filtering
gnupg: Fix reproducibility failure
resulttool/report: Avoid divide by zero
build-sysroots: Ensure dependency chains are minimal
vim: Upgrade 9.0.1664 -> 9.0.1894
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Roland Hieber (2):
template: fix typo in section header
ref-manual: point outdated link to the new location
Ross Burton (24):
ninja: ignore CVE-2021-4336, wrong ninja
binutils: fix CVE-2023-1972
pkgconf: upgrade 1.9.4 -> 1.9.5
git: upgrade to 2.39.3
gobject-introspection: remove obsolete DEPENDS
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: use exact times, don't truncate
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: actually use API keys
tiff: upgrade to 4.5.1
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
pkgconf: update SRC_URI
python3: fix missing comma in get_module_deps3.py
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
rootfs_rpm: don't depend on opkg-native for update-alternatives
ltp: add RDEPENDS on findutils
openssh: upgrade to 9.3p2
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
linux/cve-exclusion: add generated CVE_CHECK_IGNOREs
procps: backport fix for CVE-2023-4016
graphene: fix runtime detection of IEEE754 behaviour
gcc: Fix -fstack-protector issue on aarch64
linux-yocto: update CVE exclusions
Sakib Sajal (4):
go: Upgrade 1.20.4 -> 1.20.5
bno_plot.py, btt_plot.py: Ask for python3 specifically
go: fix CVE-2023-24531
go: upgrade 1.20.6 -> 1.20.7
Sanjana (1):
binutils: Fix CVE-2023-39128
Sanjay Chitroda (2):
cups: Fix CVE-2023-32324
curl: Add CVE-2023-28320 follow-up fix
Siddharth (1):
tiff: Security fix for CVE-2023-25434 and CVE-2023-26965
Siddharth Doshi (1):
gdb: Fix CVE-2023-39128
Soumya (1):
perl: Fix CVE-2023-31484 & CVE-2023-31486
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Steve Sakoman (6):
maintainers.inc: update version for gcc-source
Revert "systemd: fix a dead link under /var/log"
poky.conf: bump version for 4.2.2 release
build-appliance-image: Update to mickledore head revision
poky.conf: bump version for 4.2.3 release
build-appliance-image: Update to mickledore head revision
Stéphane Veyret (1):
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
Sudip Mukherjee (2):
dpkg: upgrade to v1.21.22
bind: upgrade to v9.18.17
Sundeep KOKKONDA (1):
gcc : upgrade to v12.3
Thomas Roos (1):
testimage/oeqa: Drop testimage_dump_host functionality
Tim Orling (1):
openssl: upgrade 3.1.0 -> 3.1.1
Tom Hochstein (1):
weston: Cleanup and fix x11 and xwayland dependencies
Trevor Gamblin (4):
bind: upgrade 9.18.13 -> 9.18.14
glib-networking: use correct error code in ptest
vim: upgrade 9.0.1527 -> 9.0.1592
linux-firmware: upgrade 20230515 -> 20230625
Wang Mingyu (24):
babeltrace2: upgrade 2.0.4 -> 2.0.5
fribidi: upgrade 1.0.12 -> 1.0.13
libdnf: upgrade 0.70.0 -> 0.70.1
libmicrohttpd: upgrade 0.9.76 -> 0.9.77
libxft: upgrade 2.3.7 -> 2.3.8
libxpm: upgrade 3.5.15 -> 3.5.16
mobile-broadband-provider-info: upgrade 20221107 -> 20230416
bind: upgrade 9.18.14 -> 9.18.15
xdpyinfo: upgrade 1.3.3 -> 1.3.4
libxml2: upgrade 2.10.3 -> 2.10.4
freetype: upgrade 2.13.0 -> 2.13.1
gstreamer1.0: upgrade 1.22.3 -> 1.22.4
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
libx11: upgrade 1.8.5 -> 1.8.6
lttng-ust: upgrade 2.13.5 -> 2.13.6
taglib: upgrade 1.13 -> 1.13.1
libwebp: upgrade 1.3.0 -> 1.3.1
libnss-nis: upgrade 3.1 -> 3.2
opkg: upgrade 0.6.1 -> 0.6.2
opkg-utils: upgrade 0.5.0 -> 0.6.2
file: upgrade 5.44 -> 5.45
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
Xiangyu Chen (1):
dbus: upgrade 1.14.6 -> 1.14.8
Yash Shinde (1):
glibc: fix CVE-2023-4527
Yi Zhao (1):
ifupdown: install missing directories
Yoann Congal (3):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (8):
dmidecode: fix CVE-2023-30630
qemu: fix CVE-2023-3301
qemu: fix CVE-2023-3255
qemu: fix CVE-2023-2861
inetutils: fix CVE-2023-40303
nghttp2: fix CVE-2023-35945
dropbear: fix CVE-2023-36328
qemu: fix CVE-2023-3354
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
nikhil (1):
libwebp: Fix CVE-2023-1999
sanjana (2):
binutils: stable 2.40 branch updates
glibc: stable 2.37 branch updates
meta-openembedded: 9286582126..922f41b39f:
Armin Kuster (1):
openldap: update to 2.5.16.
Beniamin Sandu (1):
lmsensors: do not pull in unneeded perl modules for run-time dependencies
Changqing Li (2):
redis: upgrade 6.2.12 -> 6.2.13
redis: upgrade 7.0.11 -> 7.0.12
Chee Yang Lee (2):
rabbitmq-c: Fix CVE-2023-35789
c-ares: upgrade 1.19.0 -> 1.19.1
Chen Qi (3):
redis: use the files path correctly
grpc: fix CVE-2023-32732
grpc: fix CVE-2023-33953
Chris Dimich (1):
image_types_sparse: Fix syntax error
Hitendra Prajapati (4):
wireshark: Fix CVE-2023-2855 & CVE-2023-2856
wireshark: Fix CVE-2023-2858 & CVE-2023-2879
wireshark: CVE-2023-2952 XRA dissector infinite loop
wireshark: Fix Multiple CVEs
Jasper Orschulko (1):
yaml-cpp: Fix cmake export
Joe Slater (3):
libgpiod: modify test 'gpioset: toggle (continuous)'
python3-sqlparse: fix CVE-2023-30608
libgpiod: modify RDEPENDS for ptest
Khem Raj (2):
fftw: Check for TOOLCHAIN_OPTIONS to be non-empty before sed ops
system-config-printer: Delete __pycache__ files
Lee Chee Yang (2):
opensc: fix CVE-2023-2977
x11vnc: Fix CVE-2020-29074
Linus Jacobson (1):
khronos-cts: Replace wayland feature dependancy with vulkan
Martin Jansa (5):
libiio: use main branch instead of master
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
Mingli Yu (6):
dialog: Update the SRC_URI
gnulib: Update SRC_URI
yajl: Fix CVE-2023-33460
iniparser: Fix CVE-2023-33461
php: Upgrade to 8.2.8
mcelog: Drop unneeded autotools-brokensep
Polampalli, Archana (6):
tcpreplay: upgrade 4.4.3 -> 4.4.4
nodejs: upgrade 18.14.2 -> 18.16.1
yasm: fix CVE-2023-31975
nodejs: upgrade 18.16.1 -> 18.17.1
hwloc: fix CVE-2022-47022
python3-appdirs: print ptest results in unified format
Ross Burton (5):
glade: add autoconf-archive-native DEPENDS
libgxim: add autoconf-archive-native DEPENDS
libblockdev: clean up DEPENDS
imsettings: add missing DEPENDS on autoconf-archive-native
system-config-printer: clean up DEPENDS
Sandeep Gundlupet Raju 837 (1):
opencv: Revert fix runtime dependencies
Sanjay Chitroda (1):
netkit-telnet: Fix CVE-2022-39028
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Fix CVE-2023-36054
Soumya via (1):
opencv: Fix for CVE-2023-2617
Urade, Yogita t.mo (1):
c-ares: fix CVE-2023-32067
Wang Mingyu (3):
python3-django: upgrade 4.1.7 -> 4.2.1
iperf3: upgrade 3.13 -> 3.14
tcpdump: upgrade 4.99.3 -> 4.99.4
Xiangyu Chen (2):
libbpf: installing uapi headers for native package
meta-oe: add pahole to NON_MULTILIB_RECIPES
Yi Zhao (4):
frr: upgrade 8.4.2 -> 8.4.4
mbedtls: upgrade 2.28.2 -> 2.28.3
open-vm-tools: Security fix CVE-2023-20867
frr: Security fix CVE-2023-3748
Yogita Urade (1):
poppler: fix CVE-2023-34872
meta-arm: 8db460fa5d..6e199b354e:
Abdellatif El Khlifi (6):
arm-bsp/documentation: corstone1000: Update change log
arm-bsp/doc: corstone1000: Update the software architecture document
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update user guide
kas: set the SHAs for 2023.06 release
arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
Adam Johnston (2):
CI: Platform specific Trusted Services config
arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP
Anton Antonov (1):
arm/oeqa: Make ts-service-test config match selected SPs
Denys Dmytriyenko (1):
optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y
Emekcan Aras (7):
arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure
arm-bsp/u-boot: corstone1000: Enable EFI set/get time services
arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix
arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches
arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings
arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test
arm-bsp/trusted-services: corstone1000: Fix Capsule Update
Gyorgy Szing (11):
arm/trusted-services: update TS version
optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
optee-os: Add support for TOS_FW_CONFIG on qemu
arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
optee-test: backport SWd ABI compatibility changes
optee-os: enable SPMC test
arm/oeqa: enable OP-TEE SPMC tests
trusted-services: update documentation
arm/trusted-services: disable psa-iat on qemuarm64-secureboot
arm/trusted-services: fix nanopb build error
optee-os: unblock NWd interrupts
Jon Mason (3):
CI: remove master refspec for meta-virtualization yml file
arm/linux-yocto: move 6.1 patches to a unique bbappend
README: remove reference to meta-arm-autonomy
Robbie Cao (1):
arm/recipes-kernel: Add preempt-rt support for generic-arm64
Rui Miguel Silva (3):
arm-bsp/trusted-services:corstone1000: remove already merged patches
arm-bsp/trusted-services: remove merged patches for corstone1000
arm-bps/corstone1000: setup trusted service proxy configuration
Tomás González (2):
arm-bsp/documentation: corstone1000: Update the user guide
arm-bsp/documentation: corstone1000: Update the release notes
Change-Id: I19ad289a1580a28192b5c063d06553d4e171687b
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/documentation/sdk-manual/extensible.rst')
| -rw-r--r-- | poky/documentation/sdk-manual/extensible.rst | 254 |
1 files changed, 108 insertions, 146 deletions
diff --git a/poky/documentation/sdk-manual/extensible.rst b/poky/documentation/sdk-manual/extensible.rst index 9e08e57a4e..355c6cb0e4 100644 --- a/poky/documentation/sdk-manual/extensible.rst +++ b/poky/documentation/sdk-manual/extensible.rst @@ -48,18 +48,20 @@ Extensible SDK can be installed in two different ways, and both have their own pros and cons: #. *Setting up the Extensible SDK environment directly in a Yocto build*. This -avoids having to produce, test, distribute and maintain separate SDK installer -archives, which can get very large. There is only one environment for the regular -Yocto build and the SDK and less code paths where things can go not according to plan. -It's easier to update the SDK: it simply means updating the Yocto layers with -git fetch or layer management tooling. The SDK extensibility is better than in the -second option: just run ``bitbake`` again to add more things to the sysroot, or add layers -if even more things are required. - -#. *Setting up the Extensible SDK from a standalone installer*. This has the benefit of -having a single, self-contained archive that includes all the needed binary artifacts. -So nothing needs to be rebuilt, and there is no need to provide a well-functioning -binary artefact cache over the network for developers with underpowered laptops. + avoids having to produce, test, distribute and maintain separate SDK + installer archives, which can get very large. There is only one environment + for the regular Yocto build and the SDK and less code paths where things can + go not according to plan. It's easier to update the SDK: it simply means + updating the Yocto layers with git fetch or layer management tooling. The + SDK extensibility is better than in the second option: just run ``bitbake`` + again to add more things to the sysroot, or add layers if even more things + are required. + +#. *Setting up the Extensible SDK from a standalone installer*. This has the + benefit of having a single, self-contained archive that includes all the + needed binary artifacts. So nothing needs to be rebuilt, and there is no + need to provide a well-functioning binary artefact cache over the network + for developers with underpowered laptops. Setting up the Extensible SDK environment directly in a Yocto build ------------------------------------------------------------------- @@ -67,12 +69,12 @@ Setting up the Extensible SDK environment directly in a Yocto build #. Set up all the needed layers and a Yocto :term:`Build Directory`, e.g. a regular Yocto build where ``bitbake`` can be executed. -#. Run: - $ bitbake meta-ide-support - $ bitbake -c populate_sysroot gtk+3 - (or any other target or native item that the application developer would need) - $ bitbake build-sysroots +#. Run:: + $ bitbake meta-ide-support + $ bitbake -c populate_sysroot gtk+3 + # or any other target or native item that the application developer would need + $ bitbake build-sysroots Setting up the Extensible SDK from a standalone installer --------------------------------------------------------- @@ -194,15 +196,13 @@ script is for an IA-based target machine using i586 tuning:: Run devtool --help for further details. When using the environment script directly in a Yocto build, it can -be run similarly: +be run similarly:: $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux -Running the setup script defines many environment variables needed in -order to use the SDK (e.g. ``PATH``, -:term:`CC`, -:term:`LD`, and so forth). If you want to -see all the environment variables the script exports, examine the +Running the setup script defines many environment variables needed in order to +use the SDK (e.g. ``PATH``, :term:`CC`, :term:`LD`, and so forth). If you want +to see all the environment variables the script exports, examine the installation file itself. Using ``devtool`` in Your SDK Workflow @@ -216,11 +216,8 @@ system. .. note:: - The use of - devtool - is not limited to the extensible SDK. You can use - devtool - to help you easily develop any project whose build output must be + The use of ``devtool`` is not limited to the extensible SDK. You can use + ``devtool`` to help you easily develop any project whose build output must be part of an image built using the build system. The ``devtool`` command line is organized similarly to @@ -230,15 +227,10 @@ all the commands. .. note:: - See the " - devtool - Quick Reference - " in the Yocto Project Reference Manual for a - devtool - quick reference. + See the ":doc:`/ref-manual/devtool-reference`" + section in the Yocto Project Reference Manual. -Three ``devtool`` subcommands provide entry-points into -development: +Three ``devtool`` subcommands provide entry-points into development: - *devtool add*: Assists in adding new software to be built. @@ -315,9 +307,8 @@ command: .. note:: - If required, - devtool - always creates a Git repository locally during the extraction. + If required, ``devtool`` always creates a Git repository locally + during the extraction. Furthermore, the first positional argument ``srctree`` in this case identifies where the ``devtool add`` command will locate the @@ -326,8 +317,7 @@ command: $ devtool add recipe srctree fetchuri - In summary, - the source code is pulled from fetchuri and extracted into the + In summary, the source code is pulled from fetchuri and extracted into the location defined by ``srctree`` as a local Git repository. Within workspace, ``devtool`` creates a recipe named recipe along @@ -358,16 +348,14 @@ command: $ devtool edit-recipe recipe - From within the editor, you - can make modifications to the recipe that take effect when you build - it later. + From within the editor, you can make modifications to the recipe that + take effect when you build it later. #. *Build the Recipe or Rebuild the Image*: The next step you take depends on what you are going to do with the new code. If you need to eventually move the build output to the target - hardware, use the following ``devtool`` command: - :; + hardware, use the following ``devtool`` command:: $ devtool build recipe @@ -392,8 +380,11 @@ command: development machine. You can deploy your build output to that target hardware by using the - ``devtool deploy-target`` command: $ devtool deploy-target recipe - target The target is a live target machine running as an SSH server. + ``devtool deploy-target`` command:: + + $ devtool deploy-target recipe target + + The target is a live target machine running as an SSH server. You can, of course, also deploy the image you build to actual hardware by using the ``devtool build-image`` command. However, @@ -422,11 +413,9 @@ command: .. note:: - You can use the - devtool reset - command to put things back should you decide you do not want to - proceed with your work. If you do use this command, realize that - the source tree is preserved. + You can use the ``devtool reset`` command to put things back should you + decide you do not want to proceed with your work. If you do use this + command, realize that the source tree is preserved. Use ``devtool modify`` to Modify the Source of an Existing Component -------------------------------------------------------------------- @@ -473,11 +462,9 @@ command: $ devtool modify recipe - Once - ``devtool``\ locates the recipe, ``devtool`` uses the recipe's - :term:`SRC_URI` statements to - locate the source code and any local patch files from other - developers. + Once ``devtool`` locates the recipe, ``devtool`` uses the recipe's + :term:`SRC_URI` statements to locate the source code and any local + patch files from other developers. With this scenario, there is no ``srctree`` argument. Consequently, the default behavior of the ``devtool modify`` command is to extract @@ -513,11 +500,7 @@ command: .. note:: - You cannot provide a URL for - srctree - using the - devtool - command. + You cannot provide a URL for ``srctree`` using the ``devtool`` command. As with all extractions, the command uses the recipe's :term:`SRC_URI` statements to locate the source files and any associated patch @@ -570,7 +553,9 @@ command: On the other hand, if you want an image to contain the recipe's packages from the workspace for immediate deployment onto a device (e.g. for testing purposes), you can use the ``devtool build-image`` - command: $ devtool build-image image + command:: + + $ devtool build-image image #. *Deploy the Build Output*: When you use the ``devtool build`` command to build out your recipe, you probably want to see if the resulting @@ -610,8 +595,7 @@ command: Any changes you want to turn into patches must be staged and committed within the local Git repository before you use the - devtool finish - command. + ``devtool finish`` command. Because there is no need to move the recipe, ``devtool finish`` either updates the original recipe in the original layer or the @@ -626,11 +610,9 @@ command: .. note:: - You can use the - devtool reset - command to put things back should you decide you do not want to - proceed with your work. If you do use this command, realize that - the source tree is preserved. + You can use the ``devtool reset`` command to put things back should you + decide you do not want to proceed with your work. If you do use this + command, realize that the source tree is preserved. Use ``devtool upgrade`` to Create a Version of the Recipe that Supports a Newer Version of the Software ------------------------------------------------------------------------------------------------------- @@ -644,12 +626,11 @@ counterparts. .. note:: - Several methods exist by which you can upgrade recipes - - ``devtool upgrade`` - happens to be one. You can read about all the methods by which you - can upgrade recipes in the - :ref:`dev-manual/upgrading-recipes:upgrading recipes` section - of the Yocto Project Development Tasks Manual. + Several methods exist by which you can upgrade recipes --- + ``devtool upgrade`` happens to be one. You can read about all the methods by + which you can upgrade recipes in the + :ref:`dev-manual/upgrading-recipes:upgrading recipes` section of the Yocto + Project Development Tasks Manual. The ``devtool upgrade`` command is flexible enough to allow you to specify source code revision and versioning schemes, extract code into or out of the @@ -755,8 +736,11 @@ The following diagram shows the common development flow used with the development machine. You can deploy your build output to that target hardware by using the - ``devtool deploy-target`` command: $ devtool deploy-target recipe - target The target is a live target machine running as an SSH server. + ``devtool deploy-target`` command:: + + $ devtool deploy-target recipe target + + The target is a live target machine running as an SSH server. You can, of course, also deploy the image you build using the ``devtool build-image`` command to actual hardware. However, @@ -790,11 +774,9 @@ The following diagram shows the common development flow used with the .. note:: - You can use the - devtool reset - command to put things back should you decide you do not want to - proceed with your work. If you do use this command, realize that - the source tree is preserved. + You can use the ``devtool reset`` command to put things back should you + decide you do not want to proceed with your work. If you do use this + command, realize that the source tree is preserved. A Closer Look at ``devtool add`` ================================ @@ -862,10 +844,9 @@ run ``devtool add`` again and provide the name or the version. Dependency Detection and Mapping -------------------------------- -The ``devtool add`` command attempts to detect build-time dependencies -and map them to other recipes in the system. During this mapping, the -command fills in the names of those recipes as part of the -:term:`DEPENDS` variable within the +The ``devtool add`` command attempts to detect build-time dependencies and map +them to other recipes in the system. During this mapping, the command fills in +the names of those recipes as part of the :term:`DEPENDS` variable within the recipe. If a dependency cannot be mapped, ``devtool`` places a comment in the recipe indicating such. The inability to map a dependency can result from naming not being recognized or because the dependency simply @@ -882,10 +863,8 @@ following to your recipe:: .. note:: - The - devtool add - command often cannot distinguish between mandatory and optional - dependencies. Consequently, some of the detected dependencies might + The ``devtool add`` command often cannot distinguish between mandatory and + optional dependencies. Consequently, some of the detected dependencies might in fact be optional. When in doubt, consult the documentation or the configure script for the software the recipe is building for further details. In some cases, you might find you can substitute the @@ -895,16 +874,14 @@ following to your recipe:: License Detection ----------------- -The ``devtool add`` command attempts to determine if the software you -are adding is able to be distributed under a common, open-source -license. If so, the command sets the -:term:`LICENSE` value accordingly. +The ``devtool add`` command attempts to determine if the software you are +adding is able to be distributed under a common, open-source license. If +so, the command sets the :term:`LICENSE` value accordingly. You should double-check the value added by the command against the documentation or source files for the software you are building and, if necessary, update that :term:`LICENSE` value. -The ``devtool add`` command also sets the -:term:`LIC_FILES_CHKSUM` +The ``devtool add`` command also sets the :term:`LIC_FILES_CHKSUM` value to point to all files that appear to be license-related. Realize that license statements often appear in comments at the top of source files or within the documentation. In such cases, the command does not @@ -984,10 +961,9 @@ mind: Adding Native Tools ------------------- -Often, you need to build additional tools that run on the :term:`Build -Host` as opposed to -the target. You should indicate this requirement by using one of the -following methods when you run ``devtool add``: +Often, you need to build additional tools that run on the :term:`Build Host` +as opposed to the target. You should indicate this requirement by using one of +the following methods when you run ``devtool add``: - Specify the name of the recipe such that it ends with "-native". Specifying the name like this produces a recipe that only builds for @@ -1011,8 +987,7 @@ Adding Node.js Modules ---------------------- You can use the ``devtool add`` command two different ways to add -Node.js modules: 1) Through ``npm`` and, 2) from a repository or local -source. +Node.js modules: through ``npm`` or from a repository or local source. Use the following form to add Node.js modules through ``npm``:: @@ -1027,7 +1002,7 @@ these behaviors ensure the reproducibility and integrity of the build. .. note:: - - You must use quotes around the URL. The ``devtool add`` does not + - You must use quotes around the URL. ``devtool add`` does not require the quotes, but the shell considers ";" as a splitter between multiple commands. Thus, without the quotes, ``devtool add`` does not receive the other parts, which results in @@ -1042,9 +1017,8 @@ repository or local source tree. To add modules this way, use $ devtool add https://github.com/diversario/node-ssdp -In this example, ``devtool`` -fetches the specified Git repository, detects the code as Node.js code, -fetches dependencies using ``npm``, and sets +In this example, ``devtool`` fetches the specified Git repository, detects the +code as Node.js code, fetches dependencies using ``npm``, and sets :term:`SRC_URI` accordingly. Working With Recipes @@ -1121,18 +1095,13 @@ Setting Configure Arguments If the software your recipe is building uses GNU autoconf, then a fixed set of arguments is passed to it to enable cross-compilation plus any -extras specified by -:term:`EXTRA_OECONF` or -:term:`PACKAGECONFIG_CONFARGS` +extras specified by :term:`EXTRA_OECONF` or :term:`PACKAGECONFIG_CONFARGS` set within the recipe. If you wish to pass additional options, add them to :term:`EXTRA_OECONF` or :term:`PACKAGECONFIG_CONFARGS`. Other supported build -tools have similar variables (e.g. -:term:`EXTRA_OECMAKE` for -CMake, :term:`EXTRA_OESCONS` -for Scons, and so forth). If you need to pass anything on the ``make`` -command line, you can use :term:`EXTRA_OEMAKE` or the -:term:`PACKAGECONFIG_CONFARGS` -variables to do so. +tools have similar variables (e.g. :term:`EXTRA_OECMAKE` for CMake, +:term:`EXTRA_OESCONS` for Scons, and so forth). If you need to pass anything on +the ``make`` command line, you can use :term:`EXTRA_OEMAKE` or the +:term:`PACKAGECONFIG_CONFARGS` variables to do so. You can use the ``devtool configure-help`` command to help you set the arguments listed in the previous paragraph. The command determines the @@ -1156,8 +1125,7 @@ the build host. Recipes should never write files directly into the sysroot. Instead, files should be installed into standard locations during the -:ref:`ref-tasks-install` task within -the ``${``\ :term:`D`\ ``}`` directory. A +:ref:`ref-tasks-install` task within the ``${``\ :term:`D`\ ``}`` directory. A subset of these files automatically goes into the sysroot. The reason for this limitation is that almost all files that go into the sysroot are cataloged in manifests in order to ensure they can be removed later @@ -1173,14 +1141,12 @@ the target device, it is important to understand packaging because the contents of the image are expressed in terms of packages and not recipes. -During the :ref:`ref-tasks-package` -task, files installed during the -:ref:`ref-tasks-install` task are -split into one main package, which is almost always named the same as -the recipe, and into several other packages. This separation exists -because not all of those installed files are useful in every image. For -example, you probably do not need any of the documentation installed in -a production image. Consequently, for each recipe the documentation +During the :ref:`ref-tasks-package` task, files installed during the +:ref:`ref-tasks-install` task are split into one main package, which is almost +always named the same as the recipe, and into several other packages. This +separation exists because not all of those installed files are useful in every +image. For example, you probably do not need any of the documentation installed +in a production image. Consequently, for each recipe the documentation files are separated into a ``-doc`` package. Recipes that package software containing optional modules or plugins might undergo additional package splitting as well. @@ -1188,8 +1154,7 @@ package splitting as well. After building a recipe, you can see where files have gone by looking in the ``oe-workdir/packages-split`` directory, which contains a subdirectory for each package. Apart from some advanced cases, the -:term:`PACKAGES` and -:term:`FILES` variables controls +:term:`PACKAGES` and :term:`FILES` variables controls splitting. The :term:`PACKAGES` variable lists all of the packages to be produced, while the :term:`FILES` variable specifies which files to include in each package by using an override to specify the package. For @@ -1231,16 +1196,11 @@ target machine. .. note:: - The - devtool deploy-target - and - devtool undeploy-target - commands do not currently interact with any package management system - on the target device (e.g. RPM or OPKG). Consequently, you should not - intermingle - devtool deploy-target - and package manager operations on the target device. Doing so could - result in a conflicting set of files. + The ``devtool deploy-target`` and ``devtool undeploy-target`` commands do + not currently interact with any package management system on the target + device (e.g. RPM or OPKG). Consequently, you should not intermingle + ``devtool deploy-target`` and package manager operations on the target + device. Doing so could result in a conflicting set of files. Installing Additional Items Into the Extensible SDK =================================================== @@ -1264,7 +1224,7 @@ When using the extensible SDK directly in a Yocto build In this scenario, the Yocto build tooling, e.g. ``bitbake`` is directly accessible to build additional items, and it -can simply be executed directly: +can simply be executed directly:: $ bitbake mesa $ bitbake build-sysroots @@ -1272,6 +1232,8 @@ can simply be executed directly: When using a standalone installer for the Extensible SDK -------------------------------------------------------- +:: + $ devtool sdk-install mesa By default, the ``devtool sdk-install`` command assumes @@ -1297,13 +1259,13 @@ To update your installed SDK, use ``devtool`` as follows:: $ devtool sdk-update -The previous command assumes your SDK provider has set the -default update URL for you through the :term:`SDK_UPDATE_URL` -variable as described in the +The previous command assumes your SDK provider has set the default update URL +for you through the :term:`SDK_UPDATE_URL` variable as described in the ":ref:`sdk-manual/appendix-customizing:Providing Updates to the Extensible SDK After Installation`" section. If the SDK provider has not set that default URL, you need to -specify it yourself in the command as follows: $ devtool sdk-update -path_to_update_directory +specify it yourself in the command as follows:: + + $ devtool sdk-update path_to_update_directory .. note:: |