diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-07-29 18:24:38 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-07-29 18:26:37 +0300 |
commit | cb2a94c39eddda6e0df65f98fff97cce711c9134 (patch) | |
tree | 0233c00d99735de440f920eb45ef10d47e14c00a /poky/meta/recipes-bsp | |
parent | 322e9fc9c6aafb1be6757915ca920b5170642aa7 (diff) | |
download | openbmc-c781663ad79d179da0819bdbc654e8f86bb05c92.tar.xz |
subtree updates2.12.0-rc1
meta-openembedded: 5357c7a40e..a47ef04661:
Adrian Fiergolski (1):
python3-matplotlib: add missing dependency
Adrian Freihofer (2):
conntrack-tools: fix postinst script
modemmanager: update to 1.18.8
Akash Hadke (2):
ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"
iperf: Set CVE_PRODUCT to "iperf_project:iperf"
Armin Kuster (5):
meta-oe-image: fix build depends
meta-python-image: Fix build depends
meta-gnome: fix layer depends.
mariadb: update to 10.7.4
mariadb: Fix i386 Clang builds
Ashish Sharma (1):
netserver: don't change permissions on /dev/null
Aurélien Bertron (1):
fix(syslog-ng): warning about conf version
Bartosz Golaszewski (2):
python3-speedtest-cli: fix RDEPENDS
python3-pybluez: fix a runtime issue with python 3.10
Bassem Boubaker (1):
conntrack-tools: Fix missing capability
Changqing Li (5):
chrony: create /var/lib/chrony by systemd-tmpfiles
redis: upgrade 6.2.6 -> 6.2.7
redis: upgrade 7.0-rc3 -> 7.0.2
apache2: upgrade 2.4.53 -> 2.4.54
zabbix: upgrade 5.2.6 -> 5.4.12
Chen Qi (1):
ntfs-3g-ntfsprogs: upgrade to 2022.5.17
Davide Gardenal (11):
emlog: ignore unrelated CVEs
imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
usrsctp: add CVE_VERSION to correctly check for CVEs
openflow: ignore CVE-2018-1078
ntp: ignore many CVEs
wireshark: upgrade 3.4.11 -> 3.4.12
thrift: add CVE_PRODUCT to fix CVE reporting
spice: ignore patched CVEs
quagga: ignore CVE-2016-4049
freeradius: ignore patched CVEs
openflow: ignore unrelated CVEs
Denys Dmytriyenko (3):
devmem2: reinstate previous patches, removed by mistake
devmem2: add support for different page sizes
devmem2: the source and patches moved to github repo
Diego Sueiro (1):
bats: upgrade 1.6.0 -> 1.6.1
Gianfranco (2):
sdbus-c++-libsystemd: Bump SRCREV to last commit of 250-stable branch
libmtp: Add doxygen-native dependency in case documentation build is enabled in PACKAGECONFIG. This fixes a FTBFS due to missing dependency.
Gianfranco Costamagna (1):
vboxguestdrivers: upgrade 6.1.32 -> 6.1.34
Hitendra Prajapati (1):
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
Javier Viguera (1):
networkmanager: fix build with enabled ppp
Jeremy Puhlman (1):
freeradius: mutlilib fixes
Jiaqing Zhao (2):
openldap: Remove libgcrypt dependency
openldap: Upgrade 2.5.9 -> 2.5.12
Joerg Vehlow (1):
jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF
Julien STEPHAN (1):
libcamera: fix packaging
Kai Kang (4):
conntrack-tools: fix postinst script
python3-wxgtk4: backport patch to fix svg issue
libportal: add distro features check
graphviz: rrecommends on liberation-fonts
Khem Raj (11):
ufw: Fix packaging errors found with ppc64
libcereal: Enable for glibc/ppc
mimic: Use special rateconv.c license
makedumpfile: Use right TARGET for ppc32
evince: Add dbus to depnedencies on non-x11 builds
evolution-data-server: Do not pass --library-path to gir compiler
python3-wxgtk4: Needs x11 for sip module
unattended-upgrades: Disable auto-detecting modules
sdbus-c++: Link with libatomic on mips/ppc32
sdbus-c++: Link with libatomic for rv32
sdbus-c++-libsystemd: Fix patch fuzz
Markus Volk (1):
minidlna: fix obsolete license warning
Martin Jansa (3):
ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay
leveldb: switch from master branch to main
tesseract-lang: switch from master branch to main
Michael Opdenacker (1):
devmem2: update SRC_URI according to redirect
Mingli Yu (1):
s-nail: Set VAL_MTA
Nicolas Dechesne (1):
imlib2: update SRC_URI
Peter Marko (1):
libgpiod: move test dependencies to ptest package
Richard Neill (1):
bats: Add patch to fix false-negatives caused by teardown code
Wentao Zhang (1):
protobuf-c: update to 1.4.1 fix CVE-2022-33070
Xu Huan (1):
python3-astroid: upgrade 2.11.2 -> 2.11.3
Yi Zhao (4):
frr: inherit autotools-brokensep instead of autotools
networkmanager: fix parallel build failure
dnsmasq: Security fix CVE-2022-0934
strongswan: upgrade 5.9.5 -> 5.9.6
Yue Tao (2):
exo: upgrade 4.16.3 -> 4.16.4
dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291
wangmy (5):
php: upgrade 8.1.4 -> 8.1.5
php: upgrade 8.1.5 -> 8.1.6
postgresql: upgrade 14.2 -> 14.3
postgresql: upgrade 14.3 -> 14.4
php: upgrade 8.1.6 -> 8.1.7
meta-security: 93f2146211..c79262a30b:
Anton Antonov (1):
Parsec-service: Update installation procedure
Armin Kuster (5):
fscrypt: add distro_check on pam
aide: Update 01.17.4
tpm2-pkcs11: tpm2-pkcs11 module missing
tpm2-tools: Add missing rdepends
oeqa/cases/tpm2: fix and enhance test suite
Davide Gardenal (1):
sssd: ignore CVE-2018-16838
Jeremy A. Puhlman (5):
aide: Add depend on audit when audit is enabled.
lib-perl: prefix man pages to avoid conflicting with base perl
libmhash: add multilib header
python3-privacyidea: add correct path to lib/privacyidea
clamav: make install owner match the added user name
Jose Quaresma (1):
meta-integrity: kernel-modsign: prevents splitting out debug symbols
poky: d84c73d1ef..e4b5c35fd4:
Ahmed Hossam (1):
insane.bbclass: host-user-contaminated: Correct per package home path
Alejandro Hernandez Samaniego (2):
package.bbclass: Fix base directory for debugsource files when using externalsrc
package.bbclass: Fix kernel source handling when not using externalsrc
Alex Kiernan (1):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
Alexander Kanavin (41):
systemd: upgrade 250.4 -> 250.5
mesa: upgrade 22.0.0 -> 22.0.2
bind: upgrade 9.18.1 -> 9.18.2
cronie: upgrade 1.6.0 -> 1.6.1
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
libinput: upgrade 1.19.3 -> 1.19.4
sqlite3: upgrade 3.38.2 -> 3.38.3
webkitgtk: upgrade 2.36.0 -> 2.36.1
xwayland: upgrade 22.1.0 -> 22.1.1
mmc-utils: upgrade to latest revision
gst-devtools: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
gstreamer1.0: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
libcgroup: upgrade 2.0.1 -> 2.0.2
mesa: upgrade 22.0.2 -> 22.0.3
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
sqlite3: upgrade 3.38.3 -> 3.38.5
bash: submit patch upstream
valgrind: submit arm patches upstream
zip/unzip: mark all submittable patches as Inactive-Upstream
python3: use built-in distutils for ptest, rather than setuptools' 'fork'
wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
oeqa/sdk: drop the nativesdk-python 2.x test
at: take tarballs from debian
openssl: update 3.0.4 -> 3.0.5
gstreamer1.0: upgrade 1.20.2 -> 1.20.3
weston: update 10.0.0 -> 10.0.1
glib-2.0: upgrade 2.72.2 -> 2.72.3
glib-networking: upgrade 2.72.0 -> 2.72.1
libsoup: upgrade 3.0.6 -> 3.0.7
waffle: correctly request wayland-scanner executable
Aryaman Gupta (1):
e2fsprogs: update upstream status
Bruce Ashfield (48):
linux-yocto/5.10: update to v5.10.110
linux-yocto/5.10: base: enable kernel crypto userspace API
linux-yocto/5.10: update to v5.10.112
linux-yocto/5.15: arm: poky-tiny cleanup and fixes
linux-yocto/5.15: update to v5.15.33
linux-yocto/5.15: base: enable kernel crypto userspace API
linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context
linux-yocto/5.15: fix ppc boot
linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction
linux-yocto/5.15: update to v5.15.35
linux-yocto/5.15: Fix CVE-2022-28796
linux-yocto: enable powerpc debug fragment
linux-yocto/5.15: fix -standard kernel build issue
linux-yocto/5.15: update to v5.15.36
linux-yocto/5.15: fix qemuarm graphical boot
strace: fix ptest failure in landlock
yocto-bsps: update to v5.15.36
linux-yocto/5.15: update to v5.15.37
linux-yocto/5.10: update to v5.10.113
linux-yocto/5.15: update to v5.15.38
linux-yocto/5.10: update to v5.10.114
linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default
linux-yocto/5.15: update to v5.15.43
linux-yocto/5.10: update to v5.10.118
linux-yocto/5.15: Enable MDIO bus config
linux-yocto/5.15: cfg/xen: Move x86 configs to separate file
linux-yocto/5.15: update to v5.15.44
linux-yocto/5.10: update to v5.10.119
lttng-modules: fix build against 5.18-rc7+
linux-yocto/5.10: update to v5.10.121
linux-yocto/5.10: update to v5.10.123
linux-yocto/5.10: update to v5.10.128
linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
linux-yocto/5.10: fix buildpaths issue with gen-mach-types
linux-yocto/5.10: update to v5.10.130
linux-yocto/5.10: fix buildpaths issue with pnmtologo
linux-yocto/5.15: update to v5.15.46
linux-yocto/5.15: update to v5.15.48
linux-yocto/5.15: drop obselete GPIO sysfs ABI
linux-yocto/5.15: update to v5.15.52
linux-yocto/5.15: fix qemuppc buildpaths warning
linux-yocto/5.15: fix build_OID_registry buildpaths warning
linux-yocto/5.15: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: update to v5.15.54
linux-yocto/5.15: fix buildpaths issue with pnmtologo
kernel-devsrc: fix reproducibility and buildpaths QA warning
kernel-devsrc: ppc32: fix reproducibility
perf: fix reproducibility in 5.19+
Chanho Park (2):
cargo_common.bbclass: enable bitbake vendoring for externalsrc
externalsrc.bbclass: support crate fetcher on externalsrc
Chen Qi (1):
go-helloworld: remove unused GO_WORKDIR
Christoph Lauer (1):
package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo
Claudius Heine (2):
overlayfs: add docs about skipping QA check & service dependencies
classes: rootfs-postcommands: add skip option to overlayfs_qa_check
David Bagonyi (1):
sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity
Davide Gardenal (14):
cve-check: add JSON format to summary output
cve-check: fix symlinks where link and output path are equal
rootfs-postcommands: fix symlinks where link and output path are equal
openssl: minor security upgrade 3.0.2 -> 3.0.3
freetype: backport patch for CVE-2022-27404
freetype: backport patch for CVE-2022-27405
freetype: backport patch for CVE-2022-27406
qemu: backport patch for CVE-2021-4206
qemu: backport patch for CVE-2021-4207
base-passwd: Disable shell for default users
libpcre2: upgrade 10.39 -> 10.40
ncurses: update to patchlevel 20220423
baremetal-image: fix broken symlink in do_rootfs
efivar: add musl libc compatibility
Dmitry Baryshkov (6):
linux-firmware: upgrade 20220411 -> 20220509
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
linux-firmware: package new Qualcomm firmware
linux-firmware: split ath3k firmware
linux-firmware: add support for building snapshots
linux-firmware: upgrade 20220509 -> 20220610
Ernst Sjöstrand (2):
cve-check: Add helper for symlink handling
cve-check: Only include installed packages for rootfs manifest
Felix Moessbauer (1):
wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions
Gunjan Gupta (1):
bitbake: fetch2/osc: Small fixes for osc fetcher
He Zhe (1):
lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel
Hitendra Prajapati (1):
pcre2: CVE-2022-1586 Out-of-bounds read
Jack Mitchell (1):
meson.bbclass: add cython binary to cross/native toolchain config
Jeremy Puhlman (1):
gcc: depend on zstd-native
Jiaqing Zhao (8):
libxml2: Upgrade 2.9.13 -> 2.9.14
sed: Specify shell for "nobody" user in run-ptest
strace: Don't run ptest as "nobody"
systemd: Drop 0001-test-parse-argument-Include-signal.h.patch
systemd: Remove __compare_fn_t type in musl-specific patch
systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch
systemd: Correct path returned in sd_path_lookup()
systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch
Joerg Vehlow (1):
libseccomp: Add missing files for ptests
Jon Mason (2):
poky-tiny: enable qemuarmv5/qemuarm64 and cleanups
qemuarmv5: use arm-versatile-926ejs KMACHINE
Jose Quaresma (3):
archiver: use bb.note instead of echo
archiver: don't use machine variables in shared recipes
curl: backport openssl fix CN check error code
Justin Bronder (1):
pulseaudio: conditionally depend on alsa-plugins-pulseaudio-conf
Kai Kang (2):
xxhash: fix build with gcc 12
glibc-tests: not clear BBCLASSEXTEND
Khem Raj (11):
kmod: Enable xz support by default
qemu: Add packageconfig for libbpf support
linux-yocto: Enable powerpc-debug fragment for ppc64 LE
systemd: Fix build regression with latest update
ovmf: Fix native build with gcc-12
gcc: Upgrade to 11.3 release
systemd: Drop redundant musl patches
systemd: Document future actions needed for set of musl patches
systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
systemd: Update patch status
libmodule-build-perl: Use env utility to find perl interpreter
Konrad Weihmann (1):
linux-firmware: replace mkdir by install
Lee Chee Yang (1):
ghostscript: fix CVE-2022-2085
Lucas Stach (1):
perf: sort-pmuevents: really keep array terminators
Marcel Ziswiler (1):
alsa-plugins: fix libavtp vs. avtp packageconfig
Markus Volk (2):
mesa.inc: package 00-radv-defaults.conf
python3: Backport patch to fix an issue in subinterpreters
Marta Rybczynska (9):
cve-update-db-native: update the CVE database once a day only
cve-update-db-native: let the user to drive the update interval
cve-check: Fix report generation
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-check: fix return type in check_cves
cve-update-db-native: make it possible to disable database updates
cve-check: add support for Ignored CVEs
oeqa/selftest/cve_check: add tests for Ignored and partial reports
Martin Jansa (9):
staging.bbclass: process direct dependencies in deterministic order
insane.bbclass: make sure to close .patch files
makedevs: Don't use COPYING.patch just to add license file into ${S}
patch.py: make sure that patches/series file exists before quilt pop
lttng-modules: fix shell syntax
buildhistory.bbclass: fix shell syntax when using dash
rootfs.py: close kernel_abi_ver_file
mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
wic: fix WicError message
Matt Madison (1):
bitbake: providers: use local variable for packages_dynamic pattern
Maxime Roussin-Bélanger (1):
libffi: fix native build being not portable
Michael Opdenacker (4):
rootfs-postcommands.bbclass: correct comments
manuals: switch to the sstate mirror shared between all versions
docs: BB_HASHSERVE_UPSTREAM: update to new host
ref-manual: variables: remove sphinx directive from literal block
Ming Liu (3):
udev-extraconf: let automount base directory configurable
udev-extraconf: fix some systemd automount issues
udev-extraconf:mount.sh: fix path mismatching issues
Mingli Yu (2):
perl: Fix build with gcc-12
oescripts: change compare logic in OEListPackageconfigTests
Muhammad Hamza (6):
initramfs-framework: move storage mounts to actual rootfs
udev-extraconf/mount.sh: add LABELs to mountpoints
udev-extraconf/mount.sh: save mount name in our tmp filecache
udev-extraconf/mount.sh: only mount devices on hotplug
udev-extraconf: force systemd-udevd to use shared MountFlags
udev-extraconf/mount.sh: ignore lvm in automount
Naveen Saini (1):
pciutils: avoid lspci conflict with busybox
Nick Potenski (1):
systemd: systemd-systemctl: Support instance conf files during enable
Pascal Bach (1):
bin_package: install into base_prefix
Paul Eggleton (4):
devtool: ignore pn- overrides when determining SRC_URI overrides
patch: handle if S points to a subdirectory of a git repo
devtool: finish: handle patching when S points to subdir of a git repo
oe-selftest: devtool: test modify git recipe building from a subdir
Paulo Neves (2):
python: Avoid shebang overflow on python-config.py
gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
Pavel Zhukov (3):
bitbake.conf: Make TCLIBC and TCMODE lazy assigned
systemd: update 0008-add-missing-FTW_-macros-for-musl.patch
harfbuzz: Fix compilation with clang
Peter Bergin (1):
rust: fix issue building cross-canadian tools for aarch64 on x86_64
Peter Kjellerstedt (4):
license_image.bbclass: Make QA errors fail the build
libseccomp: Correct LIC_FILES_CHKSUM
license.bbclass: Bound beginline and endline in copy_license_files()
base.bbclass: Correct the test for obsolete license exceptions
Peter Marko (2):
openssl: extract legacy provider module to a separate package
alsa-state: correct license
Pgowda (1):
binutils : CVE-2019-1010204
Portia (1):
volatile-binds: Change DefaultDependencies from false to no
Raju Kumar Pothuraju (1):
kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set
Rasmus Villemoes (1):
e2fsprogs: add alternatives handling of lsattr as well
Richard Purdie (79):
bitbake: tests/parse: Fix one test overwriting another
bitbake: server/process: Drop unused import
bitbake: ui/buildinfohelper: Drop unused import
bitbake: cooker: Drop unused loop
bitbake: msg: Drop unused local variable
bitbake: buildinfohelper: Drop unused function
bitbake: fetch2/crate: Drop unused import
bitbake: siggen: Drop pointless break statement
bitbake: ui/knotty: Drop pointless pass statement
bitbake: persist_data: Use a valid exception for missing implementation
bitbake: runqueue: Drop pointless variable assignment
bitbake: buildinfohelper: Drop unused variables
bitbake: fetch2/osc: Add missing parameter
bitbake: runqueue: Fix sig file location when using multiconfig
bitbake: fetch/git : Use cat as pager
lib/sstatesig: Fix find_siginfo to match sstate filename generation
base: Avoid circular references to our own scripts
scripts: Make git intercept global
scripts/git: Ensure we don't have circular references
package: Ensure we track whether PRSERV was active or not
abi_version/sstate: Bump hashequiv and sstate versions due to git changes
build-appliance-image: Update to kirkstone head revision
vim: Upgrade 8.2.4681 -> 8.2.4912
cairo: Add missing GPLv3 license checksum entry
sanity: Don't warn about make 4.2.1 for mint
bitbake: build: Add clean_stamp API function to allow removal of task stamps
staging: Fix rare sysroot corruption issue
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES
vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210
libxslt: Mark CVE-2022-29824 as not applying
cve-extra-exclusions: Add kernel CVEs
cve-check: Allow warnings to be disabled
rust-common: Fix sstate signatures between arm hf and non-hf
rust-common: Drop LLVM_TARGET and simplify
rust-common: Fix native signature dependency issues
lzo: Add further info to a patch and mark as Inactive-Upstream
glib-2.0: upgrade 2.72.1 -> 2.72.2
libxkbcommon: upgrade 1.4.0 -> 1.4.1
gtk+3: upgrade 3.24.33 -> 3.24.34
webkitgtk: upgrade 2.36.1 -> 2.36.3
openssl: Backport fix for ptest cert expiry
gcc-cross-canadian: Add nativesdk-zstd dependency
local.conf.sample: Update sstate url to new 'all' path
sanity: Switch to make 4.0 as a minimum version
perl: Add dependency on make-native to avoid race issues
glibc: Drop make-native dependency
vim: Upgrade 8.2.5034 -> 8.2.5083
uboot-sign: Fix potential index error issues
selftest/multiconfig: Test that multiconfigs in separate layers works
gcc-source: Fix incorrect task dependencies from ${B}
liberror-perl: Update sstate/equiv versions to clean cache
python3: Remove problematic paths from sysroot files
python3: Ensure stale empty python module directories don't break the build
bitbake: server/process: Fix logging issues where only the first message was displayed
build-appliance-image: Update to kirkstone head revision
unzip: Port debian fixes for two CVEs
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
vim: 8.2.5083 -> 9.0.0005
openssl: Upgrade 3.0.3 -> 3.0.4
coreutils: Tweak packaging variable names for coreutils-dev
oeqa/runtime/scp: Disable scp test for dropbear
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
oe-selftest-image: Ensure the image has sftp as well as dropbear
qemu: Avoid accidental librdmacm linkage
glibc-tests: Avoid reproducibility issues
qemu: Fix slirp determinism issue
qemu: Add PACKAGECONFIG for brlapi
gperf: Add a patch to work around reproducibility issues
gperf: Switch to upstream patch
udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist
insane: Fix buildpaths test to work with special devices
lua: Fix multilib buildpath reproducibility issues
vala: Fix on target wrapper buildpaths issue
gtk-doc: Remove hardcoded buildpath
kernel-arch: Fix buildpaths leaking into external module compiles
gcc-runtime: Fix build when using gold
gcc-runtime: Fix missing MLPREFIX in debug mappings
selftest/runtime_test/virgl: Disable for all almalinux
Robert Joslyn (3):
powerpc: Remove invalid GLIBC_EXTRA_OECONF
curl: Backport CVE fixes
curl: Fix multiple CVEs
Robert Yang (1):
bitbake: fetch2/ssh.py: decode path back for ssh
Roland Hieber (1):
bitbake: cache: correctly handle file names containing colons
Ross Burton (12):
cve-check: no need to depend on the fetch task
oeqa/selftest: add test for git working correctly inside pseudo
Revert "bitbake.conf: mark all directories as safe for git to read"
oeqa/selftest/cve_check: add tests for recipe and image reports
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
cups: ignore CVE-2022-26691
busybox: fix CVE-2022-30065
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
vim: upgrade to 9.0.0021
perl: don't install Makefile.old into perl-ptest
pulseaudio: add m4-native to DEPENDS
Sakib Sajal (1):
u-boot: fix CVE-2022-34835
Samuli Piippo (1):
binutils: Bump to latest 2.38 release branch
Sean Anderson (1):
rootfs.py: find .ko.zst kernel modules
Stefan Wiehler (1):
kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
Steve Sakoman (11):
scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng
poky.conf: bump version for 4.0.1 release
virgl: skip headless test on alma 8.6
python3: fix reproducibility issue with python3-core
go: upgrade 1.17.8 -> 1.17.10
poky.conf: bump version for 4.0.2
openssh: break dependency on base package for -dev package
dropbear: break dependency on base package for -dev package
ruby: add PACKAGECONFIG for capstone
qemu: add PACKAGECONFIG for capstone
qemu: Avoid accidental libvdeplug linkage
Sundeep KOKKONDA (4):
rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets
rust-common: Fix for target definitions returning 'NoneType' for arm
glibc: stable 2.35 branch updates
binutils : stable 2.38 branch updates
Thomas Roos (1):
recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG
Tomasz Dziendzielski (1):
bitbake: data: Do not depend on vardepvalueexclude flag
Wentao Zhang (1):
harfbuzz: fix CVE-2022-33068
Xiaobing Luo (1):
devtool: Fix _copy_file() TypeError
Yi Zhao (2):
popt: fix override syntax in RDEPENDS
git: fix override syntax in RDEPENDS
leimaohui (1):
cve-check.bbclass: Added do_populate_sdk[recrdeptask].
wangmy (15):
librepo: upgrade 1.14.2 -> 1.14.3
cups: upgrade 2.4.1 -> 2.4.2
logrotate: upgrade 3.19.0 -> 3.20.1
iso-codes: upgrade 4.9.0 -> 4.10.0
lttng-ust: upgrade 2.13.2 -> 2.13.3
gst-devtools: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie30881bf20846b7311381bed443623fce8912406
Diffstat (limited to 'poky/meta/recipes-bsp')
7 files changed, 322 insertions, 7 deletions
diff --git a/poky/meta/recipes-bsp/alsa-state/alsa-state.bb b/poky/meta/recipes-bsp/alsa-state/alsa-state.bb index df546633f1..27b2eccbe4 100644 --- a/poky/meta/recipes-bsp/alsa-state/alsa-state.bb +++ b/poky/meta/recipes-bsp/alsa-state/alsa-state.bb @@ -8,8 +8,11 @@ SUMMARY = "Alsa scenario files to enable alsa state restoration" HOMEPAGE = "http://www.alsa-project.org/" DESCRIPTION = "Alsa Scenario Files - an init script and state files to restore \ sound state at system boot and save it at system shut down." -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" +LICENSE = "MIT & GPL-2.0-or-later" +LIC_FILES_CHKSUM = " \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \ + file://alsa-state-init;beginline=3;endline=4;md5=3ff7ecbf534d7d503941abe8e268ef50 \ +" PV = "0.2.0" PR = "r5" diff --git a/poky/meta/recipes-bsp/alsa-state/alsa-state/alsa-state-init b/poky/meta/recipes-bsp/alsa-state/alsa-state/alsa-state-init index eee59cb321..a04cc27004 100755 --- a/poky/meta/recipes-bsp/alsa-state/alsa-state/alsa-state-init +++ b/poky/meta/recipes-bsp/alsa-state/alsa-state/alsa-state-init @@ -1,10 +1,9 @@ #! /bin/sh # # Copyright Matthias Hentges <devel@hentges.net> (c) 2007 -# License: GPL (see http://www.gnu.org/licenses/gpl.txt for a copy of the license) +# SPDX-License-Identifier: GPL-2.0-or-later # # Filename: alsa-state -# Date: 20070308 (YMD) # source function library . /etc/init.d/functions diff --git a/poky/meta/recipes-bsp/efivar/efivar/efisecdb-fix-build-with-musl-libc.patch b/poky/meta/recipes-bsp/efivar/efivar/efisecdb-fix-build-with-musl-libc.patch new file mode 100644 index 0000000000..ec5b285a06 --- /dev/null +++ b/poky/meta/recipes-bsp/efivar/efivar/efisecdb-fix-build-with-musl-libc.patch @@ -0,0 +1,184 @@ +From cece3ffd5be2f8641eb694513f2b73e5eb97ffd3 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Fri, 28 Jan 2022 12:13:30 +0100 +Subject: [PATCH] efisecdb: fix build with musl libc + +Refactor code to use POSIX atexit(3) instead of the GNU specific +on_exit(3). + +Resolves: #197 +Resolves: #202 +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> + +Upstream-Status: Backport +https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3 + +Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> +--- + src/compiler.h | 2 -- + src/efisecdb.c | 68 +++++++++++++++++++------------------------------- + 2 files changed, 26 insertions(+), 44 deletions(-) + +diff --git a/src/compiler.h b/src/compiler.h +index e2f18f0b..d95fb014 100644 +--- a/src/compiler.h ++++ b/src/compiler.h +@@ -7,8 +7,6 @@ + #ifndef COMPILER_H_ + #define COMPILER_H_ + +-#include <sys/cdefs.h> +- + /* GCC version checking borrowed from glibc. */ + #if defined(__GNUC__) && defined(__GNUC_MINOR__) + # define GNUC_PREREQ(maj,min) \ +diff --git a/src/efisecdb.c b/src/efisecdb.c +index f8823737..6bd5ad90 100644 +--- a/src/efisecdb.c ++++ b/src/efisecdb.c +@@ -25,6 +25,10 @@ + extern char *optarg; + extern int optind, opterr, optopt; + ++static efi_secdb_t *secdb = NULL; ++static list_t infiles; ++static list_t actions; ++ + struct hash_param { + char *name; + efi_secdb_type_t algorithm; +@@ -187,12 +191,11 @@ add_action(list_t *list, action_type_t action_type, const efi_guid_t *owner, + } + + static void +-free_actions(int status UNUSED, void *actionsp) ++free_actions(void) + { +- list_t *actions = (list_t *)actionsp; + list_t *pos, *tmp; + +- for_each_action_safe(pos, tmp, actions) { ++ for_each_action_safe(pos, tmp, &actions) { + action_t *action = list_entry(pos, action_t, list); + + list_del(&action->list); +@@ -202,12 +205,11 @@ free_actions(int status UNUSED, void *actionsp) + } + + static void +-free_infiles(int status UNUSED, void *infilesp) ++free_infiles(void) + { +- list_t *infiles = (list_t *)infilesp; + list_t *pos, *tmp; + +- for_each_ptr_safe(pos, tmp, infiles) { ++ for_each_ptr_safe(pos, tmp, &infiles) { + ptrlist_t *entry = list_entry(pos, ptrlist_t, list); + + list_del(&entry->list); +@@ -216,27 +218,12 @@ free_infiles(int status UNUSED, void *infilesp) + } + + static void +-maybe_free_secdb(int status UNUSED, void *voidp) ++maybe_free_secdb(void) + { +- efi_secdb_t **secdbp = (efi_secdb_t **)voidp; +- +- if (secdbp == NULL || *secdbp == NULL) ++ if (secdb == NULL) + return; + +- efi_secdb_free(*secdbp); +-} +- +-static void +-maybe_do_unlink(int status, void *filep) +-{ +- char **file = (char **)filep; +- +- if (status == 0) +- return; +- if (file == NULL || *file == NULL) +- return; +- +- unlink(*file); ++ efi_secdb_free(secdb); + } + + static void +@@ -323,15 +310,6 @@ parse_input_files(list_t *infiles, char **outfile, efi_secdb_t **secdb, + return status; + } + +-/* +- * These need to be static globals so that they're not on main's stack when +- * on_exit() fires. +- */ +-static efi_secdb_t *secdb = NULL; +-static list_t infiles; +-static list_t actions; +-static char *outfile = NULL; +- + int + main(int argc, char *argv[]) + { +@@ -351,6 +329,7 @@ main(int argc, char *argv[]) + bool do_sort_data = false; + bool sort_descending = false; + int status = 0; ++ char *outfile = NULL; + + const char sopts[] = ":aAc:dfg:h:i:Lo:rs:t:v?"; + const struct option lopts[] = { +@@ -376,10 +355,9 @@ main(int argc, char *argv[]) + INIT_LIST_HEAD(&infiles); + INIT_LIST_HEAD(&actions); + +- on_exit(free_actions, &actions); +- on_exit(free_infiles, &infiles); +- on_exit(maybe_free_secdb, &secdb); +- on_exit(maybe_do_unlink, &outfile); ++ atexit(free_actions); ++ atexit(free_infiles); ++ atexit(maybe_free_secdb); + + /* + * parse the command line. +@@ -587,24 +565,30 @@ main(int argc, char *argv[]) + outfd = open(outfile, flags, 0600); + if (outfd < 0) { + char *tmpoutfile = outfile; +- if (errno == EEXIST) +- outfile = NULL; ++ if (errno != EEXIST) ++ unlink(outfile); + err(1, "could not open \"%s\"", tmpoutfile); + } + + rc = ftruncate(outfd, 0); +- if (rc < 0) ++ if (rc < 0) { ++ unlink(outfile); + err(1, "could not truncate output file \"%s\"", outfile); ++ } + + void *output; + size_t size = 0; + rc = efi_secdb_realize(secdb, &output, &size); +- if (rc < 0) ++ if (rc < 0) { ++ unlink(outfile); + secdb_err(1, "could not realize signature list"); ++ } + + rc = write(outfd, output, size); +- if (rc < 0) ++ if (rc < 0) { ++ unlink(outfile); + err(1, "could not write signature list"); ++ } + + close(outfd); + xfree(output); diff --git a/poky/meta/recipes-bsp/efivar/efivar_38.bb b/poky/meta/recipes-bsp/efivar/efivar_38.bb index 68c4b4b914..53fe20a95b 100644 --- a/poky/meta/recipes-bsp/efivar/efivar_38.bb +++ b/poky/meta/recipes-bsp/efivar/efivar_38.bb @@ -10,6 +10,7 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=main;protocol=https \ file://0001-docs-do-not-build-efisecdb-manpage.patch \ file://0001-src-Makefile-build-util.c-separately-for-makeguids.patch \ + file://efisecdb-fix-build-with-musl-libc.patch \ " SRCREV = "1753149d4176ebfb2b135ac0aaf79340bf0e7a93" @@ -36,5 +37,3 @@ BBCLASSEXTEND = "native" RRECOMMENDS:${PN}:class-target = "kernel-module-efivarfs" CLEANBROKEN = "1" -# https://github.com/rhboot/efivar/issues/202 -COMPATIBLE_HOST:libc-musl = 'null' diff --git a/poky/meta/recipes-bsp/pciutils/pciutils_3.7.0.bb b/poky/meta/recipes-bsp/pciutils/pciutils_3.7.0.bb index 7d1740f665..311e57a98b 100644 --- a/poky/meta/recipes-bsp/pciutils/pciutils_3.7.0.bb +++ b/poky/meta/recipes-bsp/pciutils/pciutils_3.7.0.bb @@ -13,7 +13,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz \ SRC_URI[sha256sum] = "9d40b97be8b6a2cdf96aead5a61881d1f7e4e0da9544a9bac4fba1ae9dcd40eb" -inherit multilib_header pkgconfig +inherit multilib_header pkgconfig update-alternatives PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'hwdb', '', d)}" PACKAGECONFIG[hwdb] = "HWDB=yes,HWDB=no,udev" @@ -57,3 +57,6 @@ FILES:libpci = "${libdir}/libpci.so.*" SUMMARY:${PN}-ids = "PCI utilities - device ID database" DESCRIPTION:${PN}-ids = "Package providing the PCI device ID database for pciutils." RDEPENDS:${PN} += "${PN}-ids" + +ALTERNATIVE:${PN} = "lspci" +ALTERNATIVE_PRIORITY = "100" diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch b/poky/meta/recipes-bsp/u-boot/files/0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch new file mode 100644 index 0000000000..04ded5b119 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch @@ -0,0 +1,126 @@ +From 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> +Date: Fri, 10 Jun 2022 14:50:25 +0000 +Subject: [PATCH] i2c: fix stack buffer overflow vulnerability in i2c md + command + +When running "i2c md 0 0 80000100", the function do_i2c_md parses the +length into an unsigned int variable named length. The value is then +moved to a signed variable: + + int nbytes = length; + #define DISP_LINE_LEN 16 + int linebytes = (nbytes > DISP_LINE_LEN) ? DISP_LINE_LEN : nbytes; + ret = dm_i2c_read(dev, addr, linebuf, linebytes); + +On systems where integers are 32 bits wide, 0x80000100 is a negative +value to "nbytes > DISP_LINE_LEN" is false and linebytes gets assigned +0x80000100 instead of 16. + +The consequence is that the function which reads from the i2c device +(dm_i2c_read or i2c_read) is called with a 16-byte stack buffer to fill +but with a size parameter which is too large. In some cases, this could +trigger a crash. But with some i2c drivers, such as drivers/i2c/nx_i2c.c +(used with "nexell,s5pxx18-i2c" bus), the size is actually truncated to +a 16-bit integer. This is because function i2c_transfer expects an +unsigned short length. In such a case, an attacker who can control the +response of an i2c device can overwrite the return address of a function +and execute arbitrary code through Return-Oriented Programming. + +Fix this issue by using unsigned integers types in do_i2c_md. While at +it, make also alen unsigned, as signed sizes can cause vulnerabilities +when people forgot to check that they can be negative. + +Signed-off-by: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> +Reviewed-by: Heiko Schocher <hs@denx.de> + +CVE: CVE-2022-34835 +Upstream-Status: Backport [8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409] + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + cmd/i2c.c | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/cmd/i2c.c b/cmd/i2c.c +index 9050b2b8d2..bd04b14024 100644 +--- a/cmd/i2c.c ++++ b/cmd/i2c.c +@@ -200,10 +200,10 @@ void i2c_init_board(void) + * + * Returns the address length. + */ +-static uint get_alen(char *arg, int default_len) ++static uint get_alen(char *arg, uint default_len) + { +- int j; +- int alen; ++ uint j; ++ uint alen; + + alen = default_len; + for (j = 0; j < 8; j++) { +@@ -247,7 +247,7 @@ static int do_i2c_read(struct cmd_tbl *cmdtp, int flag, int argc, + { + uint chip; + uint devaddr, length; +- int alen; ++ uint alen; + u_char *memaddr; + int ret; + #if CONFIG_IS_ENABLED(DM_I2C) +@@ -301,7 +301,7 @@ static int do_i2c_write(struct cmd_tbl *cmdtp, int flag, int argc, + { + uint chip; + uint devaddr, length; +- int alen; ++ uint alen; + u_char *memaddr; + int ret; + #if CONFIG_IS_ENABLED(DM_I2C) +@@ -469,8 +469,8 @@ static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc, + { + uint chip; + uint addr, length; +- int alen; +- int j, nbytes, linebytes; ++ uint alen; ++ uint j, nbytes, linebytes; + int ret; + #if CONFIG_IS_ENABLED(DM_I2C) + struct udevice *dev; +@@ -589,9 +589,9 @@ static int do_i2c_mw(struct cmd_tbl *cmdtp, int flag, int argc, + { + uint chip; + ulong addr; +- int alen; ++ uint alen; + uchar byte; +- int count; ++ uint count; + int ret; + #if CONFIG_IS_ENABLED(DM_I2C) + struct udevice *dev; +@@ -676,8 +676,8 @@ static int do_i2c_crc(struct cmd_tbl *cmdtp, int flag, int argc, + { + uint chip; + ulong addr; +- int alen; +- int count; ++ uint alen; ++ uint count; + uchar byte; + ulong crc; + ulong err; +@@ -985,7 +985,7 @@ static int do_i2c_loop(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) + { + uint chip; +- int alen; ++ uint alen; + uint addr; + uint length; + u_char bytes[16]; +-- +2.25.1 + diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb index 0d2464d74b..f2443723e2 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb @@ -3,6 +3,7 @@ require u-boot.inc SRC_URI:append = " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ file://0001-riscv-fix-build-with-binutils-2.38.patch \ + file://0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch \ " DEPENDS += "bc-native dtc-native python3-setuptools-native" |