diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2020-12-01 20:48:33 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2020-12-03 21:04:38 +0300 |
commit | 94a70a0f73533c9af5a5a15942539e8eda1a6a5e (patch) | |
tree | 5498997319636e4a46d5c790f7f6b29c21bffcea /poky/meta/recipes-connectivity | |
parent | 1985ab5bd94a390b8e0c60091fb4ec5aaaf69a03 (diff) | |
download | openbmc-94a70a0f73533c9af5a5a15942539e8eda1a6a5e.tar.xz |
subtree updates - pull latest dunfell
meta-raspberrypi: 8066fac91d..9879932097:
Alex Gonzalez (1):
linux-raspberrypi: Only deploy cmdline.txt for the main kernel
Andrei Gherzan (5):
Revert "Generalize the naming of the bootfiles deploy directory"
Revert "u-boot: Move fw_env.config to u-boot append"
Revert "u-boot-rpi: Locate local patches with FILESEXTRAPATHS."
Revert "u-boot: Fix booting raspberrypi CM3 module"
sdcard_image-rpi.bbclass: Fix when RPI_SDIMG_EXTRA_DEPENDS not defined
Andrzej Bednarski (1):
docs: Correct minor spelling issues
Christopher Clark (4):
linux-raspberrypi: bump to 5.4.50 since upstream was force-pushed
rpi-base: add SERIAL_CONSOLES_CHECK to default to SERIAL_CONSOLES
sdcard_image-rpi.bbclass: enable extensible inclusion into boot
docs/extra-build-config.md: document vars to add to boot partition
Drew Moseley (1):
u-boot-rpi: Locate local patches with FILESEXTRAPATHS.
Eino Juhani Oltedal (1):
linux-raspberrypi: bump to Linux version 5.4.72
Fabio Berton (2):
u-boot: Move fw_env.config to u-boot append
u-boot: Move fw_env.config to u-boot append
Jakub Luzny (2):
rpi-config: Add CAN_OSCILLATOR variable to set mcp2515 crystal frequency
docs/extra-build-config.md: Document CAN_OSCILLATOR variable
Jeff Ithier (2):
Generalize the naming of the bootfiles deploy directory
Generalize the naming of the bootfiles deploy directory
Jon Magnuson (1):
packagegroup-rpi-test: resolve `wireless-regdb` conflict
Khem Raj (16):
linux-raspberrypi_5.4.bb: Move to 5.4.45
linux-raspberrypi_5.4.bb: Upgrade to 5.4.47
userland: Update to 2020-06-24 top commit
linux-raspberrypi: Update to 5.4.59
raspberrypi-firmware: Upgrade to 20200819
xserver-xorg: Depend on userland when vc4graphics is disabled
libsdl2: Add userland dependency when not using vc4graphics
linux-raspberrypi_5.4.bb: Build ashmem and binder drivers
README: Mention Yoe distro in supported distro list
linux-firmware-rpidistro: Update to 20190114-1+rpt8
linux-raspberrypi_5.4.bb: Update to 5.4.69
raspberrypi-firmware: Update to 20201002 snapshot
raspberrypi-tools: Update to latest snapshot as of 20200803
oeqa: Add 5.4 specific error messages to ignore list
rpi-default-settings: Replace default parselogs with parselogs_rpi
linux-raspberrypi: Fix build regression from last update
Leon Anavi (8):
rpi-base.inc: Add infrared dtbo
lirc_%.bbappend: Fix for gpio-ir
lirc_%.bbappend: Remove
rpi-u-boot-scr: Create uboot.env via boot.cmd.in
libubootenv_%.bbappend: Add fw_env.config
rpi-config: Add ENABLE_IR variable for infrared
rpi-base.inc: Include modules if IR is enabled
docs/extra-build-config.md: Infrared
Luis Alfredo da Silva (1):
Revert "mesa: querying dma_buf modifiers for specific formats"
M. ter Woord (1):
Update layer-contents.md to include pi4
Madhavan Krishnan (1):
libcamera: Define packageconfig to enable rpi pipeline
Marek Belisko (2):
u-boot: Fix booting raspberrypi CM3 module
u-boot: Fix booting raspberrypi CM3 module
Martin Jansa (10):
linux-raspberrypi-5.4: bump SRCREV to latest to fix perf build
layer.conf: Remove older releases from LAYERSERIES_COMPAT
linux-raspberrypi-5.4: backport a fix for perf build with -fno-common from gcc-10
rpi-gpio: add -fcommon temporarily
linux-raspberrypi-5.4: revert 1 commit from upstream to fix lttng-modules build
raspberrypi-{firmware,tools}: set downloadfilename
Revert "linux-raspberrypi-5.4: revert 1 commit from upstream to fix lttng-modules build"
linux-raspberrypi-5.4: bump SRCREV to fix raspberrypi3-64 builds
python3-rtimu: don't use trailing slash in S
Revert "libcamera: Define packageconfig to enable rpi pipeline"
Murat Kilivan (1):
linux-raspberrypi_5.4.bb: Add kernel-cache source
Pierre-Jean Texier (9):
raspberrypi-firmware: update to current HEAD
linux-raspberrypi: bump to Linux version 4.19.126
linux-raspberrypi: bump to Linux version 5.4.51
raspberrypi-firmware: update to current HEAD
rpi-default-versions: Switch defaults to 5.4
raspberrypi-firmware: update to current HEAD
linux-raspberrypi: bump to revision 4b945d5
raspberrypi-firmware: update to current HEAD
linux-raspberrypi: bump to Linux version 5.4.64
colin (3):
conf/machine/include/rpi-base.inc: Added can1 interface to bsp
rpi-config_git: Added ENABLE_DUAL_CAN build configuration
docs: Added documentation for Pican2 Duo support
poky: ed3bdd7fbc..424296bf9b:
Adrian Bunk (10):
git: Upgrade 2.24.1 -> 2.24.3
wireless-regdb: Upgrade 2019.06.03 -> 2020.04.29
libubootenv: Remove the DEPENDS on mtd-utils
iproute2: Remove -fcommon
libxcrypt2: Remove -fcommon
mesa: Remove -fcommon
at-spi2-atk: Remove -fcommon
menu-cache: Replace -fcommon with fix
matchbox-wm: Replace -fcommon with fix
librsvg: Upgrade 2.40.20 -> 2.40.21
Adrian Freihofer (1):
oe-publish-sdk: fix layers init via ssh
Alex Kiernan (1):
recipetool: Fix list concatenation when using edit
Alexander Kanavin (23):
testresults.json: add duration of the tests as well
lz4: disable static library
linux-firmware: upgrade 20200421 -> 20200519
build-sysroots: add sysroot paths with native binaries to PATH
patchelf: switch to git
powertop: switch to Arjan's git
apr-util: make gdbm optional
linux-firmware: upgrade 20200519 -> 20200619
gobject-introspection: add a patch to fix a build race
icu: make filtered data generation optional, serial and off by default
babeltrace: correct the git SRC_URI
gnutls: upgrade 3.6.13 -> 3.6.14
libexif: update to 0.6.22
testimage: add an overall timeout setting
oeqa: write @OETestTag content into json test reports for each case
linux-firmware: upgrade 20200619 -> 20200721
linux-firmware: update 20200721 -> 20200817
selftest/virgl: drop the custom 30 sec timeout
nasm: update 2.14.02 -> 2.15.03 for CVE fixes
linux-firmware: upgrade 20200817 -> 20201022
clutter-gst-3.0: do not call out to host gstreamer plugin scanner
ptest-runner: fix upstream version check
glib-2.0: correct build with latest meson
Andreas M?ller (1):
meson.bbclass: avoid unexpected operating-system names
Andrei Gherzan (2):
initscripts: Fix various shellcheck warnings in populate-volatile.sh
initscripts: Fix populate-volatile.sh bug when file/dir exists
Andrej Valek (1):
oeqa/runtime/cases/ptest: Make output content path absolute
Andrey Zhizhikin (3):
kernel/yocto: fix search for defconfig from src_uri
insane: check for missing update-alternatives inherit
insane: add GitLab /archive/ tests
Anibal Limon (2):
recipes-kernel: linux-firmware add qcom-venus-{5.2,5.4} packages
ptest-runner: Bump to 2.4.0
Anuj Mittal (1):
linux-yocto: bump genericx86 kernel version to v5.4.40
Aníbal Limón (3):
recipes-kernel/linux-firmware: Add wlanmdsp.mbn to qcom-modem package
recipes-kernel/linux-firmware: Add adreno-a630 firmware package
linux-firmware: Update to 20200122 -> 20200421
Armin Kuster (6):
curl: Security fixes for CVE-2020-{8169/8177}
wpa-supplicant: Security fix CVE-2020-12695
sqlite3: Security fix for CVE-2020-15358
glibc: Secruity fix for CVE-2020-6096
bind: update to 9.11.22 ESV
timezone: update to 2020b
Bjarne Michelsen (1):
devtool: default to empty string, if LIC_FILES_CHKSUM is not available
Bruce Ashfield (43):
linux-yocto/5.4: update to v5.4.38
linux-yocto/5.4: update to v5.4.40
kernel/reproducibility: kernel modules need SOURCE_DATE_EPOCH export
linux-yocto/5.4: update to v5.4.42
linux-yocto-rt/5.4: update to rt24
linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels
linux-yocto: gather reproducibility configs into a fragment
linux-yocto/5.4: update to v5.4.43
linux-yocto/5.4: update to v5.4.45
linux-yocto-rt/5.4: update to rt25
linux-yocto/5.4: update to v5.4.46
linux-yocto/5.4: update to v5.4.47
linux-yocto/5.4: update to v5.4.49 and -rt28
yocto-bsps: bump reference boards to v5.4.49
kernel/yocto: ensure that defconfigs are processed first
linux-yocto/5.4: update to v5.4.50
kernel-yocto: account for extracted defconfig in elements check
linux-yocto/5.4: update to v5.4.51
linux-yocto-rt/5.4: fix mmdrop stress test issues
linux-yocto/5.4: update to v5.4.53
linux-yocto/5.4: fix perf build with binutils 2.35
linux-yocto/5.4: update to v5.4.54
linux-yocto-rt/5.4: update to rt32
linux-yocto/5.4: update to v5.4.56
linux-yocto/5.4: update to v5.4.57
linux-yocto/5.4: update to v5.4.58
linux-yocto/5.4: perf cs-etm: Move definition of 'traceid_list' global variable from header file
linux-yocto/5.4: update to v5.4.59
linux-yocto/5.4: update to v5.4.60
linux-yocto/5.4: update to v5.4.61
kernel-yocto: checksum all modifications to available kernel fragments directories
yocto-bsps: update reference BSPs to 5.4.54
yocto-bsp: update to v5.4.56
yocto-bsp: update to v5.4.58
kernel-yocto: add KBUILD_DEFCONFIG search location to failure message
linux-yocto/config: netfilter: Enable nat for ipv4 and ipv6
linux-yocto/5.4: update to v5.4.64
linux-yocto/5.4: update to v5.4.65
lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+
linux-yocto/5.4: fix kprobes build warning
linux-yocto/5.4: update to v5.4.67
linux-yocto/5.4: update to v5.4.68
linux-yocto/5.4: update to v5.4.69
Changqing Li (10):
mime.bbclass: fix post install scriptlet error
modutils-initscripts: update postinst
initscripts: update postinst
gtk-icon-cache.bbclass: add runtime dependency
logrotate.py: fix testimage occasionally failure
gtk-immodules-cache.bbclass: fix post install scriptlet error
libffi: fix multilib header conflict
gpgme: fix multilib header conflict
toolchain-shar-extract.sh: don't print useless info
timezone: upgrade to 2020d
Charlie Davies (3):
u-boot: fix condition to allow use of *.cfg
bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url
bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url
Chee Yang Lee (7):
qemu : fix CVE-2020-16092
bash : inlcude patch 17 & 18
xserver-xorg: fix CVE-2020-14346/14361/14362
libx11: fix CVE-2020-14363
perl: fix ptest test count
bluez5: update to 5.55 to fix CVE-2020-27153
ruby: fix CVE-2020-25613
Chen Qi (8):
db: do not install db_verify if 'verify' is not enabled
vim: restore the 'chmod -x' workaround in do_install
systemd-serialgetty: do not use BindsTo
oescripts.py: fix typo
oescripts: ignore whitespaces when comparing lines
rpm: fix nativesdk's default var location
grub: set CVE_PRODUCT to grub2
fribidi: extend CVE_PRODUCT to include fribidi
Chris Laplante (8):
bitbake: ui/teamcity: don't use removed logging classes
cve-update-db-native: add progress handler
cve-check/cve-update-db-native: use lockfile to fix usage under multiconfig
cve-update-db-native: use context manager for cve_f
cve-check: avoid FileNotFoundError if no do_cve_check task has run
cve-update-db-native: be less magical about checking whether the cve-check class is enabled
cve-update-db-native: move -journal checking into do_fetch
cve-update-db-native: remove unused variable
Christian Eggers (3):
libnl: Extend for native/nativesdk
avahi: Fix typo in recipe
packagegroup: rrecommend perf also for musl on ARM
Christophe GUIBOUT (1):
initramfs-framework: support kernel cmdline with double quotes
Daniel Ammann (1):
image.bbclass: improve wording when image size exceeds the specified limit
Daniel Gomez (1):
allarch: Add missing allarch ttf-bitstream-vera
Daniel McGregor (1):
buildhistory-collect-srcrevs: sort directories
David Khouya (2):
bitbake: lib/ui/taskexp: Validate gi import
bitbake: lib/ui/taskexp: Fix missing Gtk import
De Huo (1):
bash: fix CVE-2019-18276
Denys Zagorui (1):
binutils: reproducibility: reuse debug-prefix-map for stabs
Diego Santa Cruz (1):
freetype: fix CVE-2020-15999, backport from 2.10.4
Douglas (2):
nativesdk: clear MACHINE_FEATURES
nativesdk: Set the CXXFLAGS to the BUILDSDK_CXXFLAGS
Geoff Parker (1):
systemd-serialgetty: Replace sed quoting using ' with " to allow var expansion
Gratian Crisan (1):
kernel-module-split.bbclass: identify kernel modconf files as configuration files
Gregor Zatko (1):
sanity.bbclass: Detect and fail if 'inherit' is used in conf file
Guillaume Champagne (1):
weston: add missing packageconfigs
Hannu Lounento (1):
openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf
Hongxu Jia (1):
iso-codes: switch upstream branch master -> main
Jacob Kroon (4):
bitbake: doc: Clarify how task dependencies relate to RDEPENDS
bitbake: doc: More explanation to tasks that recursively depend on themselves
squashfs-tools: Backport fix for compiling with gcc 10
insane: Check for feature check variables not being used
Jan-Simon Moeller (1):
file: add bzip2-replacement-native to DEPENDS to fix sstate issue
Jean-Francois Dagenais (1):
bitbake: siggen: clean_basepath: remove recipe full path when virtual:xyz present
Jens Rehsack (3):
u-boot: avoid blind merging all *.cfg
subversion: extend for nativesdk
serf: extend for nativesdk
Joe Slater (4):
terminal.py: do not stop searching for auto
qemu: force build type to production
vim: _FORTIFY_SOURCE=2 be gone
acpica: Upgrade 20200214 -> 20200430 for gcc-10 fixes
Jose Quaresma (13):
gstreamer1.0: Fix reproducibility issue around libcap
gstreamer1.0: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3
gst-validate: Update 1.16.2 -> Update 1.16.3
gstreamer1.0: warn the user when something is wrong with GstBufferPool
Joshua Watt (24):
checklayer: Skip layers without a collection
pycryptodome: Import from meta-python
pyelftools: Import from meta-python
python3-pycryptodome(x): Upgrade 3.9.4 -> 3.9.7
python3-pyelftools: Upgrade 0.25 -> 0.26
layer.conf: Bump OE-Core layer version
classes/archiver: Create patched archive before configuring
bitbake: hashserv: Chunkify large messages
bitbake: siggen: Fix error when hash equivalence has an exception
classes/archiver: run do_unpack_and_patch after do_preconfigure
classes/archive: do_configure should not depend on do_ar_patched
classes/cmake: Fix host detection
classes/package: Use HOST_OS for runtime dependencies
oeqa: runtime_tests: Extra GPG debugging
oeqa: sdk: Capture stderr output
wic: Add --offset argument for partitions
wic: Fix --extra-space argument handling
wic: Fix error message when reporting invalid offset
wic: Add 512 Byte alignment to --offset
classes/sanity: Bump minimum python version to 3.5
jquery: Upgrade 3.4.1 -> 3.5.0 to fix CVE-2020-11022 and CVE-2020-11023
classes/reproducible: Move to library code
lib/oe/reproducible: Fix error when no git HEAD
lib/oe/reproducible.py: Fix git HEAD check
Kai Kang (5):
gcr: depends on gnupg-native
bitbake: bitbake-user-manual-metadata.xml: fix a minor error
mdadm: remove service template from SYSTEMD_SERVICE
wpa-supplicant: remove service templates from SYSTEMD_SERVICE
encodings: clear postinst script
Kevin Hao (3):
wic/filemap: Drop the unused block_is_unmapped()
wic/filemap: Drop the unused get_unmapped_ranges()
wic/filemap: Fall back to standard copy when no way to get the block map
Khem Raj (25):
cve-check: Run it after do_fetch
make-mod-scripts: Fix a rare build race condition
glibc: Update to latest on 2.31 branch
wayland: fix condition for strndup detection
syslinux: Fix build with gcc10
valgrind: Do not use outline-atomics on aarch64
valgrind: Backport upstream patch to fix __getauxval needs
go: Disbale CGO for riscv64
go-dep: Fix build on riscv64
qemumips: Use 34Kf CPU emulation
glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
gcc-9.3.inc: Mark CVE-2019-15847 as fixed
go: update 1.14.4 -> 1.14.6
go: Upgrade to 1.14.7
json-c: Fix CVE-2020-12762
util-linux: Allow update alternatives for additional apps
json-glib: Backport a build fix with clang
uninative: Upgrade to 2.9
rpcbind: Use update-alternatives for rpcinfo
populate_sdk_ext: Do not assume local.conf will always exist
site: Make sys_siglist default to no
packagegroups: remove strace and lttng-tools for rv32/musl
packagegroup-core-tools-debug: Disable for rv32/glibc as well
qemuboot.bbclass: Fix a typo
ptest-runner: Backport patch to fix inappropriate ioctl error
Konrad Weihmann (14):
qemurunner: fix ip fallback detection
sysfsutils: rem leftover settings for libsysfs-dev
cogl: point to correct HOMEPAGE
runqemu: add QB_ROOTFS_EXTRA_OPT parameter
testimage: enable ovmf support
systemd: remove kernel-install from base pkg
bitbake: pyshyacc: allow double COMMA statements
ptest: append to FILES
cve-update: handle baseMetricV2 as optional
testexport: rename create_tarball method
bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC
oeqa/core/context: expose results as variable
oeqa/core/context: initialize _run_end_time
testimage: print results for interrupted runs
Kurt Kiefer (1):
linux-firmware: add ibt-20 package
Lee Chee Yang (31):
qemu: fix CVE-2020-11869
bind: fix CVE-2020-8616/7
libexif: fix CVE-2020-13114
qemu: fix CVE-2020-13361
dbus: fix CVE-2020-12049
perl: fix CVE-2020-10543 & CVE-2020-10878
oeqa/core/loader: refine regex to find module
qemu: fix CVE-2020-10702/10761/13362/13659/13800
python3: fix CVE-2020-14422
bison: fix Argument list too long error
systemd : fix CVE-2020-13776
buildhistory: use pid for temporary txt file name
checklayer: check layer in BBLAYERS before test
ghostscript: fix CVE-2020-15900
qemu: fix CVE-2020-15863
libjpeg-turbo: fix CVE-2020-13790
webkitgtk: fix CVE-2020-13753
ghostscript: update to 9.52
perl: fix CVE-2020-12723
xserver-xorg: fix CVE-2020-14347
qemu: fix CVE-2020-14364 CVE-2020-14415
libx11 : fix CVE-2020-14344
libproxy: fix CVE-2020-25219
python3: fix CVE-2020-26116
grub2: fix CVE-2020-10713
ffmpeg: fix CVE-2020-12284
libproxy: fix CVE-2020-26154
bison: update to 3.5.4 for CVE-2020-14150
python3: whitelist CVE-2020-15523
python3: fix CVE-2020-27619
qemu: fix CVE-2020-24352
Lili Li (1):
kernel.bbclass: Fix Module.symvers support
Marco Felsch (1):
util-linux: alternatify rtcwake
Marek Vasut (5):
libubootenv: Depend on zlib
lttng-modules: update to 2.11.6
lttng-tools: update to 2.11.5
lttng-ust: update to 2.11.1
stress-ng: Upgrade 0.11.01 -> 0.11.17
Mark Hatle (3):
sstate.bbclass: When siginfo or sig files are missing, stop fetcher errors
package_tar.bbclass: Sync to the other package_* classes
package.bbclass: Sort shlib2 output for hash equivalency
Mark Jonas (5):
Add license text for PSF-2.0
Map license names PSF and PSFv2 to PSF-2.0
libsdl2: Fix directfb syntax error
libsdl2: Fix directfb SDL_RenderFillRect
libbsd: Remove BSD-4-Clause from main package
Martin Jansa (13):
net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu
perf: backport a fix for confusing non-fatal error
devtool: expand SRC_URI when guessing recipe update mode
arch-armv7a.inc: fix typo
arch-mips.inc: remove duplicated mips64el-o32 from PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
tune-mips64r6.inc: fix typo in mipsisa64r6-nf
tune-ep9312.inc: add t suffix for thumb to PACKAGE_EXTRA_ARCHS_tune-ep9312
tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
siteinfo: Recognize 32bit PPC LE
siteinfo: Recognize bigendian sh3be and sh4be
lib/oe/patch: prevent applying patches without any subject
lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook
Revert "lib/oe/patch: fix handling of patches with no header"
Matt Madison (2):
cogl-1.0: correct X11 dependencies
image.bbclass: fix REPRODUCIBLE_TIMESTAMP_ROOTFS reference
Matthew (1):
ltp: make copyFrom scp command non-fatal
Max Krummenacher (2):
linux-firmware: package marvel sdio 8997 firmware
linux-firmware: package nvidia firmware
Maxime Roussin-Bélanger (1):
meta: fix some unresponsive homepages and bugtracker links
Michael Gloff (2):
sysvinit: Remove ${B} assignment
sysvinit rc: Use PSPLASH_FIFO_DIR for progress fifo
Michael Tretter (1):
devtool: deploy-target: Fix size calculation for hard links
Mikko Rapeli (2):
alsa-topology-conf: use ${datadir} in do_install()
alsa-ucm-conf: use ${datadir} in do_install()
Ming Liu (6):
u-boot: introduce UBOOT_INITIAL_ENV
u-boot: support merging .cfg files for UBOOT_CONFIG
conf/machine: set UBOOT_MACHINE for qemumips and qemumips64
multilib.conf: add u-boot to NON_MULTILIB_RECIPES
libubootenv: uprev to v0.3
libubootenv: inherit uboot-config
Mingli Yu (5):
bison: fix the parallel build
python3-setuptools: add the missing rdepends
python3-libarchive-c: add the missing rdepends
update_udev_hwdb: clean hwdb.bin
python3: add ldconfig rdepends for python3-ctypes
Naoki Hayama (1):
uninative: Fix typo in error message
Nathan Rossi (1):
diffstat: add nativesdk to BBCLASSEXTEND
Neil Armstrong (1):
linux-firmware: add Amlogic VDEC firmware package
Nicolas Dechesne (2):
checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2()
linux-libc-headers: kernel headers are installed in STAGING_KERNEL_BUILDDIR
Norman Stetter (1):
sstate.bbclass: Check file ownership before doing 'touch -a'
Oleksandr Kravchuk (1):
ell: update to 0.33
Otavio Salvador (7):
systemd: Sync systemd-serialgetty@.service with upstream
mtd-utils: Fix return value of ubiformat
go-mod.bbclass: Add class for `go mod` support
glide: Avoid use of 'go mod' support
go-dep: Avoid use of 'go mod' support
go.bbclass: Add `-trimpath` to default build flags
openssh: Allow enable/disable of rng-tools recommendation on sshd
Ovidiu Panait (1):
libxml2: Fix CVE-2020-24977
Paul Barker (5):
archiver.bbclass: Make do_deploy_archives a recursive dependency
avahi: Don't advertise example services by default
archiver: Fix test case for srpm archiver mode
oe-selftest: Allow overriding the build directory used for tests
oe-selftest: Recursively patch test case paths
Peter A. Bigot (1):
bluez5: fix builds that require ell support
Peter Kjellerstedt (2):
cairo: Do not try to remove nonexistent directories
relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist
Pierre-Jean Texier (2):
ell: upgrade 0.31 -> 0.32
libubootenv: upgrade 0.3 -> 0.3.1
Quentin Schulz (1):
base/insane: Check pkgs lics are subset of recipe lics only once
Rahul Chauhan (1):
busybox: Security Fix For CVE-2018-1000500
Rahul Kumar (1):
systemd-serialgetty: Fix sed expression quoting
Ralph Siemsen (1):
cve-check: include epoch in product version output
Randy MacLeod (1):
curl: Change SRC_URI from http to https
Rasmus Villemoes (3):
coreutils: don't split stdbuf to own package with single-binary
kernel.bbclass: run do_symlink_kernsrc before do_patch
cml1: Move find_cfgs() helper to cml1.bbclass
Ricardo Salveti (1):
dosfstools: add mkfs.vfat to ALTERNATIVE
Richard Leitner (7):
libtirpc: remove extra "-fcommon" from CFLAGS
gdbm: add patch to fix link failure against gcc 10
dtc: update to 1.6.0
libcomps: update to 0.1.15
binutils: add patch to fix issues with gcc 10
cpio: add patch to fix issues with gcc 10
xcb-proto: backport fix for python gcd function
Richard Purdie (72):
resulttool/report: Remove leftover debugging
resulttool/log: Add ability to dump ltp logs as well as ptest
poky.conf: Bump version for 3.1.1 dunfell release
build-appliance-image: Update to dunfell head revision
build-appliance: Update branch to point at dunfell
build-appliance-image: Update to dunfell head revision
ltp: Exclude the memcg_stress tests due to timeout problems
maintainers: Update Ross' email address
logrotate: Drop obsolete setting/comment
oeqa/targetcontrol: Rework exception handling to avoid warnings
patchelf: Add patch to address corrupt shared library issue
bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror
ltp: Add missing dependencies on coreutils, bc, e2fsprogs and gdb
perl: Fix host specific modules problems
bitbake: runqueue: Avoid unpickle errors in rare cases
bitbake: msg: Avoid issues where paths have relative components
pseudo: Fix attr errors due to incorrect library resolution issues
oeqa/selftest/runcmd: Add better debug for thread count mismatch failures
oeqa/utils/command: Improve stdin handling in runCmd
scripts/install-buildtools: Update to 3.2 M1 buildtools
scripts/install-buildtools: Handle new format checksum files
oeqa/selftest: Clean up separate builddir in success case when non-threaded
populate_sdk_ext: Fix to use python3, not python
oeqa/selftest: recipetool/devtool: Avoid load_plugin test race
oeqa/targetcontrol: Attempt to fix log closure warning message
rootfs-postcommands: Improve/fix rootfs_check_host_user_contaminated
bitbake: server/process: Increase timeout for commands
bitbake: fetch2: Change git fetcher not to destroy old references
bitbake: server/process: Fix a rare lockfile race
bitbake: server/process: Ensure UI-less servers don't sit in infinite loops
bitbake: server/process: Fix note reference -> info
oeqa/selftest/sstatetests: Avoid polluting DL_DIR
qemurunner: Ensure pid location is deterministic
qemurunner: Add extra debug info when qemu fails to start
oeqa/utils/qemurunner: Fix missing pid file tracebacks
bitbake: cooker: Handle multiconfig name mappings correctly
bitbake: server/process: Fix UI first connection tracking
bitbake: server/process: Account for xmlrpc connections
oeqa/qemurunner: Add priority/nice information for running processes
uninative: Handle PREMIRRORS generically
selftest/tinfoil: Increase wait event timeout
runqemu: Show an error for conflicting graphics options
selftest/prservice: Improve test failure message
bitbake: fetch2: Drop cups.org from wget status checks
runqemu: Add a hook to allow it to renice
selftest/signing: Ensure build path relocation is safe
oeqa/concurrencytest: Improve builddir path manipulations
bitbake: tests/fetch: Move away from problematic freedesktop.org urls
build-appliance-image: Update to dunfell head revision
scripts/oe-build-perf-report: Use python3 from the environment
build-appliance-image: Update to dunfell head revision
python3-markupsafe: Import from meta-oe/meta-python
python3-jinja2: Import from meta-oe/meta-python
buildtools-tarball: Add python3-jinja2
dropbear/openssh: Lower priority of key generation
buildtools: Handle generic environment setup injection
buildtools-tarball: Fix conflicts with oe-selftest and other tooling
oeqa/qemurunner: Increase serial timeout
oeqa/selftest/incompatible_lib: Fix append usage
oeqa/selftest/containerimage: Update to match assumptions in configuration
ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys
glibc: do_stash_locale must not delete files from ${D}
libtools-cross/shadow-sysroot: Use nopackages inherit
scripts/oe-build-perf-report: Allow operation with no buildstats
oe-build-perf-report: Ensure correct data is shown for multiple branch options
bitbake: tests/fetch: Update upstream master->main branchname transition
oeqa: Add sync call to command execution
sstatesig: Log timestamps for hashequiv in reprodubile builds for do_package
ptest-runner: Fix license as it contains 'or later' clause
libdnf: Fix license as it contains 'or later' clause
alsa-utils: Fix license to GPLv2 only
build-appliance-image: Update to dunfell head revision
Robert P. J. Day (7):
ref-manual: fix excessive command indentation
ref-manual: IMAGE_TYPES, add tar.zst, delete elf
ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS"
ref-manual: Remove long-dead PACKAGE_GROUP variable
ref-manual: delete long-unused comments in variable glossary
bitbake: docs: delete reference to obsolete recipe-depends.dot
bitbake: user manual: properly tag content as <replaceable>
Robert Yang (2):
archiver.bbclass: Fix duplicated SRC_URIs for do_ar_original
openssl: openssl-bin requires openssl-conf to run
Ross Burton (20):
install-buildtools: fail if an error occurs
install-buildtools: remove hardcoded x86-64 architecture
common-licenses: add BSD-2-Clause-Patent
gstreamer1.0-plugins-bad: add support for vdpau
common-licenses: fix filename of BSD-2-Clause-Patent
insane: consolidate skipping of temporary do_package files
startup-notification: add time_t type mismatch patch from upstream
package.bbclass: explode the RPROVIDES so we don't think the versions are provides
insane: improve gnu-hash-style warning
gdk-pixbuf: add tests PACKAGECONFIG
insane: only load real files as ELF
autoconf: consolidate DEPENDS
curl: add vendors to CVE_PRODUCT to exclude false positives
cmake: whitelist CVE-2016-10642
alsa-plugins: improve .la removal
sato-screenshot: improve .la removal
meta: add/fix invalid Upstream-Status tags
gcc: mitigate the Straight-line Speculation attack
glib-2.0: fix parsing of slim encoded tzdata
syslinux: add link to upstream discussion in patch
Sakib Sajal (1):
busybox: make hwclock compatible with glibc 2.31
Steve Sakoman (31):
poky: Add Ubuntu 20.04 as a supported distro
Documenation: Prepared for the 3.1.1 release
oeqa/concurrencytest: don't delete build directory for failed tests
Documentation: Add 3.1.1 version updates missing from previous commit
u-boot-tools: backport patch from upstream to fix gcc 10 builds
buildtools-tarball: export OPENSSL_CONF in environment setup
u-boot: move redundant-yyloc-global patch to u-boot-common.inc
poky.conf: Bump version for 3.1.2 release
Documenation: Prepared for the 3.1.2 release
poky: Add fedora32 as a supported distro
glib-networking: upgrade 2.62.3 to 2.62.4
Revert "gtk-icon-cache.bbclass: add runtime dependency"
glib-2.0: update 2.62.4 to 2.62.5
glib-2.0: update 2.62.5 to 2.62.6
sanity.conf: update BB_MIN_VERSION to 1.46.0
Documenation: Prepared for the 3.1.3 release
poky.conf: Bump version for 3.1.3 release
Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"
xinput-calibrator: change SRC_URI to branch with libinput support
Revert "lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+"
qemu: fix CVE-2019-20175
sqlite3: fix CVE-2020-13434
sqlite3: fix CVE-2020-13435
sqlite3: fix CVE-2020-13630
sqlite3: fix CVE-2020-13631
sqlite3: fix CVE-2020-13632
netbase: update SRC_URI to reflect new file name
netbase: bump PE to purge bogus hash equivalence from autobuilder
Documenation: Prepared for the 3.1.4 release
openssh: whitelist CVE-2014-9278
poky.conf: Bump version for 3.1.4 release
Sumit Garg (1):
insane: fix gnu-hash-style check
TeohJayShen (2):
oeqa/manual/bsp-hw.json : remove shutdown_system test
oeqa/manual/bsp-hw.json : remove X_server_can_start_up_with_runlevel_5_boot test
Tim Orling (4):
bitbake: toaster-requirements.txt: require Django 2.2
lib/oe/recipeutils.py: add AUTHOR; BBCLASSEXTEND
scripts/lib/recipetool/create.py: fix regex strings
oeqa/selftest/cases/devtool.py: avoid .pyc race
Timon Ulrich (1):
kernel.bbclass: add lz4 dependency and fix the call to lz4
Trevor Gamblin (1):
qemuarm: check serial consoles vs /proc/consoles
Tuomas Salokanto (1):
recipetool: create: fix SRCBRANCH not being passed to params
Tyler Hicks (1):
kernel-devicetree: Fix intermittent build failures caused by DTB builds
Vacek, Patrick (1):
oeqa/core/loader: fix regex to include numbers
Vasyl Vavrychuk (1):
runqemu: Check gtk or sdl option is passed together with gl or gl-es options.
Victor Kamensky (1):
qemu: change TLBs number to 64 in 34Kf mips cpu model
Vijai Kumar K (2):
image_types_wic: Add ASSUME_PROVIDED to WICVARS
wic: misc: Add /bin to the list of searchpaths
Viktor Rosendahl (1):
boost: backport fix to make async_pipes work with asio
Wang Mingyu (2):
libdrm: upgrade 2.4.100 -> 2.4.101
xserver-xorg: upgrade 1.20.7 -> 1.20.8
Yann Dirson (1):
package: get_package_mapping: avoid dependency mapping if renamed package provides original name
Yann E. MORIN (2):
common-licenses: add bzip2-1.0.4
recipes-core/busybox: fixup licensing information
Yi Zhao (1):
bind: upgrade 9.11.19 -> 9.11.21
Yoann Congal (1):
bitbake-bblayers/create: Make the example recipe print its message
Yongxin Liu (5):
linux-firmware: add ice for Intel E800 series driver
linux-firmware: fix the wrong file path for ibt-misc
linux-firmware: move ibt-misc to the end of ibt packages
grub: fix several CVEs in grub 2.04
grub: clean up CVE patches
Zhixiong Chi (1):
gnutls: CVE-2020-24659
akash hadke (1):
systemd: udev SECLABEL{selinux} crash fix
akuster (4):
bind: update to 9.11.19
bitbake: test/fetch: change to better svn source
glibc: whitelist CVE-2010-10029
cve-check.bbclass: always save cve report
haiqing (1):
libpam: Remove option 'obscure' from common-password
hongxu (2):
core-image-minimal-initramfs: keep restriction with initramfs-module-install
sysstat: fix installed-vs-shipped QA Issue in systemd
wenlin.kang@windriver.com (1):
populate_sdk_base.bbclass: fix warning: name not matched
zhengruoqin (4):
make-mod-scripts: Fix dependence error.
libtirpc: upgrade 1.2.5 -> 1.2.6
gnutls: Fix krb5 code license to GPLv2.1+ to match the LICENSE file.
ruby: upgrade 2.7.0 -> 2.7.1
meta-openembedded: e413c1ef62..f2d02cb71e:
Adrian Bunk (4):
unicode-ucd: Stop broken license downloading
postfix: Upgrade 3.4.10 -> 3.4.12
python3-docutils: Remove, moved to OE-core
gnome-settings-daemon: Remove duplicate outdated SRC_URI hashes
Alex Kiernan (1):
zstd: Upgrade 1.4.4 -> 1.4.5
Alistair Francis (1):
python3-obd: Add missing setuptools RDEPENDS
Anatol Belski (1):
chrony: Patch CVE-2020-14367
Andreas Müller (11):
gexiv2: upgrade 0.12.0 -> 0.12.1
thunar: upgrade 1.8.14 -> 1.8.15
fluidsynth: upgrade 2.1.2 -> 2.1.3
libblockdev: upgrade 2.23 -> 2.24
openh264: upgrade 2.1.0 -> 2.1.1
tcpreplay: upgrade 4.3.2 -> 4.3.3
blueman: upgrade 2.1.1 -> 2.1.3
modemmanager: upgrade 1.12.10 -> 1.12.12
ibus: upgrade 1.5.21 -> 1.5.22
exiv2: upgrade 0.27.1 -> 0.27.3
gnome-settings-daemon: Remove wrong RDEPEND
Andrew Geissler (1):
nlohmann-json: backport gcc10 fix
Armin Kuster (9):
tremor: update SRC_URI as project moved to gitlab
ntp: update 4.2.8p15
net-snmp: Security fix CVE-2019-20892
wireshark: Update to 3.2.5
Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
jsoncpp: add PE do to revert to older PV
vlc: fix loop initial declarations are only allowed in C99 mode
babl-native: fix build issue
gnome-settings-daemon: Backport 3.36 fix for building without wayland
Bog999 (1):
python3: Add python3-cryptography to RDEPENDS for python3-redis
Changqing Li (4):
python-django: add RDEPENDS
python-m2crypto: Add RDEPENDS
libmcrypt: set CLEANBROKEN
radvd: add /etc/radvd.conf
Christian Eggers (1):
linuxptp: Fix segmentation fault on 32 bit platforms with 64 bit time_t
Christoph Steiger (1):
python-periphery: Add python-mmap to RDEPENDS
Denys Dmytriyenko (2):
python3-pycryptodome(x): moved to OE-Core, remove from meta-python
python3-pyelftools: moved to OE-Core, remove from meta-python
Diego Rondini (5):
README: fix incorrect links
gvfs: adjust fuse packageconfig to fuse3
libeigen: update SRC_URI to download from gitlab
libeigen: update SRC_URI to use gitlab git
hplip: use libexecdir
Domarys Correa (2):
python3-jinja2: Update 2.11.1 -> 2.11.2
python3-pyyaml: Update 5.3 -> 5.3.1
Gianluca Pacchiella (1):
Add missing dependencies for rsnapshot.
Hongxu Jia (2):
multipath-tools: fix compiling parallel issue
python3-pykwalify: fix missing comma
Julius Hemanth Pitti (1):
netkit-telnetd: Fix buffer overflow in netoprintf
Kai Kang (6):
xfconf: 4.14.2 -> 4.14.3
thunar: 1.8.12 -> 1.8.14
catfish: 1.4.11 -> 1.4.13
plymouth: disable systemd-integration for sysvinit
lvm2: remove service template from SYSTEMD_SERVICE
rdist: fix parallel build
Khem Raj (10):
netplan: Depend on systemd if it is in distro
uim: Add patch to fix -fno-common link error
postfix: Upgrade to 3.4.10 and compile with -fcommon
safec: Update to latest on 3.5.1 release tags
nss: Remove mcpu to avoid march conflicts
samba: Fix conflicts with nss.h from glibc
flashrom: Fix build failure with glibc 2.32
iwd: Upgrade to 1.9
ssmtp: Use update alternatives for conflicts with esmtp
ubi-utils-klibc: Remove trailing slash from S
Konrad Weihmann (10):
passwdqc: remove double modify operation
sound-theme-freedesktop: remove double depends
python3-cmd2: remove double colorama in RDEPENDS
python3-smbus2: remove duplicate RDEPENDS settings
python3-twisted: remove double var modification
proftpd: Fix typo for SRC_URI[md5sum]
netkit-rsh: properly append PACKAGECONFIG
zile: properly append PACKAGECONFIG
libtalloc: fix upstream url
openldap: packaging fixes
Lee Chee Yang (2):
glog : improve reproducibility
libgphoto2: improve reproducibility
Leon Anavi (8):
python3-gmqtt: Upgrade to 0.6.5
python3-appdirs: Upgrade to 1.4.4
python3-pandas: Upgrade 1.0.1 -> 1.0.3
python3-parallax: Upgrade 1.0.5 -> 1.0.6
python3-openpyxl: Upgrade 2.6.3 -> 3.0.3
python3-colorama: Upgrade 0.4.1 -> 0.4.3
python3-sqlalchemy: Upgrade 1.3.12 -> 1.3.17
python3-pandas: Upgrade 1.0.3 -> 1.0.5
Maciej Pijanowski (1):
qpdf: fix typo in RDEPENDS
Mark Jonas (1):
python3-pyinotify: Add missing ctypes dependency
Martin Jansa (6):
irssi: package libirc_proxy.a in PN-staticdev
meta-python: depend on core version 12 or higher
lcov: fix lcov-native build
netkit-rsh: inherit update-alternatives
ssmtp: adjust u-a
remmina: use git fetcher
Mingli Yu (5):
python3-m2crypto: add the missing rdepends
freeradius: fix the existed certificate error
freeradius: fix the occasional verification failure
smartmontools: Remove obsolete setting regarding the Standard Output
strongswan: Remove obsolete setting regarding the Standard Output
Oleksandr Kravchuk (1):
iwd: update to 1.8
Ovidiu Panait (3):
freediameter: Fix testcnx ptest failure
nss: Fix CVE-2020-12399
net-snmp: Fix CVE-2020-15861 and CVE-2020-15862
Patrick Williams (1):
net-snmp: refresh patches
Paul Eggleton (1):
protobuf-c: disable parallelism to avoid race condition
Pierre-Jean Texier (15):
librsync: upgrade 2.3.0 -> 2.3.1
ser2net: fix upstream check URL
ser2net: upgrade 4.1.5 -> 4.1.8
zchunk: upgrade 1.1.5 -> 1.1.6
uriparser: upgrade 0.9.3 -> 0.9.4
jsoncpp: upgrade 1.9.2 -> 1.9.3
jpnevulator: upgrade 2.3.4 -> 2.3.5
libnftnl: upgrade 1.1.6 -> 1.1.7
nftables: upgrade 0.9.4 -> 0.9.5
haveged: upgrade 1.9.8 -> 1.9.9
rsnapshot: upgrade 1.4.2 -> 1.4.3
fuse3: upgrade 3.9.1 -> 3.9.2
minicoredumper: update SRC_URI to use github instead
iwd: upgrade 1.6 -> 1.7
haveged: upgrade 1.9.9 -> 1.9.13
Qi.Chen@windriver.com (2):
python-django: set CVE_PRODUCT to be django
multipath-tools: disable parallel build as a workaround
Robert Joslyn (1):
postgresql: Update to 12.4
Robert Yang (2):
drbd-utils: Add CLEANBROKEN to fix rebuild errors
crda: rdepends on wireless-regdb-static
Ross Burton (1):
mpv: fetch waf in do_fetch
Ryan Rowe (1):
python3-pint: add setuptools and packaging to RDEPENDS
Trevor Gamblin (1):
python3-iso8601: add python3-numbers to RDEPENDS
Ulrich Ölmann (1):
usb-modeswitch, usb-modeswitch-data: fix usrmerge
Wang Mingyu (7):
jansson: upgrade 2.12 -> 2.13.1
openldap: upgrade 2.4.49 -> 2.4.50
python3-pycparser: upgrade 2.19 -> 2.20
cryptsetup: upgrade 2.3.1 -> 2.3.2
postgresql: 12.2 -> 12.3
openipmi: upgrade 2.0.28 -> 2.0.29
twm: upgrade 1.0.10 -> 1.0.11
Yanfei Xu (1):
turbostat: fix the build failure for new v5.7-rc6 kernel
Yi Zhao (4):
apache2: create log/run directory via pkg_postinst
samba: upgrade 4.10.15 -> 4.10.17
libldb: upgrade 1.5.7 -> 1.5.8
samba: upgrade 4.10.17 -> 4.10.18
Yue Tao (1):
lua: Security Advisory - lua - CVE-2020-15888
Zang Ruochen (12):
dnsmasq: upgrade 2.80 -> 2.81
fetchmail: upgrade 6.4.3 -> 6.4.4
libgphoto2: upgrade 2.5.24 -> 2.5.25
mosquitto: upgrade 1.6.9 -> 1.6.10
snort: upgrade 2.9.15 -> 2.9.16
wireshark: upgrade 3.2.2 -> 3.2.4
proj: upgrade 7.0.0 -> 7.0.1
libvpx: upgrade 1.8.1 -> 1.8.2
mm-common: upgrade 1.0..0 -> 1.0.1
nftables: upgrade 0.9.5 -> 0.9.6
wireshark: upgrade 3.2.5 -> 3.2.6
wireshark: upgrade 3.2.6 -> 3.2.7
Zheng Ruoqin (11):
dstat: Fix runtime error that depend python.
kea: upgrade 1.7.6 -> 1.7.7
libqmi: upgrade 1.24.8 -> 1.24.12
nano: upgrade 4.9.2 -> 4.9.3
gsoap: upgrade 2.8.100 -> 2.8.103
logwatch: upgrade 7.5.1 -> 7.5.3
libnet-dns-perl: upgrade 1.23 -> 1.24
Fix build error when enable multilib.
mraa: Disable python2, otherwise, there is a build error when enable multilib.
paho-mqtt-c: Fix build error when enable multilib.
upm:Fix build error when enable multilib.
meta-security: d83f7cb0c9..c74cc97641:
Adrian (1):
gitignore added
Alexander Kanavin (1):
apparmor: pull in coreutils/findutils only when not using systemd as init manager
Armin Kuster (15):
isafw.bbclass: typo in layer name
trousers: Several Security fixes
gitlab-ci: add support for dunfell
packagegroup-core-security-ptest: update fail2ban ptest pkg name
packagegroup-core-security: remove clamav for riscv*
libsecomp: rv32/rv64 target builds are not supported yet
packagegroup-core-security: remove libseccomp for riscv*
packagegroup-core-security: dont include suricata on riscv or ppc
apparmor: exclude mips64, not supported
apparmor: fix build issue with ptest enabled.
packagegroup-core-security: remove clamav from musl image
ibmswtpm2: fix QA warning
README: updated branch for Dunfell
apparmor: fix issue with older use of shell in make
apparmor: fix QA warning with systemd enabled
Charlie Davies (2):
clamav: add INSTALL_CLAMAV_CVD flag to do_install
clamav: update SO_VER to 9.0.4
Jeremy Puhlman (4):
clamav: resolve multilib issues
tripwire: Remove makefiles from the man directories.
cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
packagegroup-security-tpm2: Depend on preferred provider for cryptsetup
Jonatan Pålsson (1):
sssd: Make manpages buildable
Kai Kang (1):
sssd: disable build secrets
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Sajjad Ahmed (1):
layer.conf: use += instead of := to update BBFILES
Zheng Ruoqin (2):
ccs-tools:Fix build error when enable multilib.
bastille: Deleted redundant inherit to fix error when enable multilib.
niko.mauno@vaisala.com (12):
dm-verity-img.bbclass: Fix bashisms
dm-verity-img.bbclass: Reorder parse-time check
dm-verity-image-initramfs: Ensure verity hash sync
dm-verity-image-initramfs: Bind at do_image instead
linux-yocto(-dev): Add dm-verity fragment as needed
dm-verity-img.bbclass: Stage verity.env file
initramfs-framework: Add dmverity module
dm-verity-image-initramfs: Use initramfs-framework
dm-verity-initramfs-image: Cosmetic improvements
dm-verity-image-initramfs: Add base-passwd package
dm-verity-image-initramfs: Drop locales from image
beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I9d46472961318a9060013505d7cb5df46b4ea38a
Diffstat (limited to 'poky/meta/recipes-connectivity')
22 files changed, 379 insertions, 18 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc index 94fe6a16b6..6acedb5412 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi.inc +++ b/poky/meta/recipes-connectivity/avahi/avahi.inc @@ -77,6 +77,11 @@ do_install() { rm -rf ${D}${datadir}/dbus-1/interfaces test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 rm -rf ${D}${libdir}/avahi + + # Move example service files out of /etc/avahi/services so we don't + # advertise ssh & sftp-ssh by default + install -d ${D}${docdir}/avahi + mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi } PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb index 24523c7f81..f6e3afb24e 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb @@ -14,7 +14,7 @@ LICENSE_libavahi-gobject = "LGPLv2.1+" LICENSE_avahi-daemon = "LGPLv2.1+" LICENSE_libavahi-common = "LGPLv2.1+" LICENSE_libavahi-core = "LGPLv2.1+" -LICENSE_avahi-client = "LGPLv2.1+" +LICENSE_libavahi-client = "LGPLv2.1+" LICENSE_avahi-dnsconfd = "LGPLv2.1+" LICENSE_libavahi-glib = "LGPLv2.1+" LICENSE_avahi-autoipd = "LGPLv2.1+" diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.22.bb index 4e64171cc1..3b4a299b36 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.22.bb @@ -1,9 +1,9 @@ SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "http://www.isc.org/sw/bind/" +HOMEPAGE = "https://www.isc.org/bind/" SECTION = "console/network" LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45" DEPENDS = "openssl libcap zlib" @@ -20,8 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057" -SRC_URI[sha256sum] = "fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d" +SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 150d909d73..f34ba0dce5 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -42,8 +42,8 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" -PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell" -PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell" +PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" +PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.55.bb index 260eee1402..8190924562 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.55.bb @@ -1,7 +1,7 @@ require bluez5.inc -SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c" -SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc" +SRC_URI[md5sum] = "94972b8bc7ade60c72b0ffa6ccff2c0a" +SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e0894e9b88" # noinst programs in Makefile.tools that are conditional on READLINE # support diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb index ad0ab13c9a..7ad4b8eee6 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb +++ b/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb @@ -9,4 +9,4 @@ SRC_URI[sha256sum] = "bac543435cac208a11db44c9cc8e35aa902befef8750594654ee71941c # CFLAGS are computed in Makefile and reference CCOPTS # -EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS} -fcommon'" +EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" diff --git a/poky/meta/recipes-connectivity/iw/iw_5.4.bb b/poky/meta/recipes-connectivity/iw/iw_5.4.bb index 9f58e49709..96879a9689 100644 --- a/poky/meta/recipes-connectivity/iw/iw_5.4.bb +++ b/poky/meta/recipes-connectivity/iw/iw_5.4.bb @@ -2,7 +2,7 @@ SUMMARY = "nl80211 based CLI configuration utility for wireless devices" DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \ wireless devices. It supports almost all new drivers that have been added \ to the kernel recently. " -HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw" +HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" SECTION = "base" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service index 603c33787f..fd81793d51 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -6,3 +6,4 @@ RequiresMountsFor=/var /run ExecStart=@LIBEXECDIR@/sshd_check_keys Type=oneshot RemainAfterExit=yes +Nice=10 diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index d879efc201..fe94f30503 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -28,6 +28,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" +# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 +# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded +CVE_CHECK_WHITELIST += "CVE-2014-9278" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd @@ -43,12 +47,15 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "rng-tools" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" +# Add RRECOMMENDS to rng-tools for sshd package +PACKAGECONFIG[rng-tools] = "" + EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd @@ -150,7 +157,10 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" +RRECOMMENDS_${PN}-sshd_append_class-target = "\ + ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ +" + # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb index 66fa8f7d0a..815955837b 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb @@ -191,7 +191,9 @@ PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-1.1/openssl.cnf* \ + " FILES_${PN}-engines = "${libdir}/engines-1.1" FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" FILES_${PN} =+ "${libdir}/ssl-1.1/*" @@ -202,6 +204,8 @@ CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" RRECOMMENDS_libcrypto += "openssl-conf" RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" +RDEPENDS_${PN}-bin += "openssl-conf" + BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "openssl:openssl" diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key Binary files differnew file mode 100644 index 0000000000..30443c9438 --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key new file mode 100644 index 0000000000..86c2104ec8 --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF +rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN +uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30 +07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E +cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw +cwECAw== +-----END OPENSSH PRIVATE KEY----- diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000000..a358aeb88a --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key new file mode 100644 index 0000000000..00ed9adae2 --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV +dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw +AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K +awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM= +-----END OPENSSH PRIVATE KEY----- diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000000..cc0e2f43ed --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key new file mode 100644 index 0000000000..a8e4406ba3 --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key @@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC +i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8 +KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL +EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z +PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz +kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y +59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq +tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2 +EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO +7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf +X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E +nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L +NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM +HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL +NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY +9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U +mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb +N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK +m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+ +ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/ +SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk +b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot +JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA +wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0 +jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM +lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD +8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52 +p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt +cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV +p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J +BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx +WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP +2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49 +tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F +9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..9eb8c3838f --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen diff --git a/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb new file mode 100644 index 0000000000..ddd10e6eeb --- /dev/null +++ b/poky/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb @@ -0,0 +1,19 @@ +SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests" + +SRC_URI = "file://dropbear_rsa_host_key \ + file://openssh" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +INHIBIT_DEFAULT_DEPS = "1" + +do_install () { + install -d ${D}${sysconfdir}/dropbear + install ${WORKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/ + + install -d ${D}${sysconfdir}/ssh + install ${WORKDIR}/openssh/* ${D}${sysconfdir}/ssh/ + chmod 0600 ${D}${sysconfdir}/ssh/* + chmod 0644 ${D}${sysconfdir}/ssh/*.pub +}
\ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch new file mode 100644 index 0000000000..53ad5d028a --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch @@ -0,0 +1,151 @@ +From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Wed, 3 Jun 2020 23:17:35 +0300 +Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to + other networks + +The UPnP Device Architecture 2.0 specification errata ("UDA errata +16-04-2020.docx") addresses a problem with notifications being allowed +to go out to other domains by disallowing such cases. Do such filtering +for the notification callback URLs to avoid undesired connections to +external networks based on subscriptions that any device in the local +network could request when WPS support for external registrars is +enabled (the upnp_iface parameter in hostapd configuration). + +Upstream-Status: Backport +CVE: CVE-2020-12695 patch #1 +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/wps/wps_er.c | 2 +- + src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++-- + src/wps/wps_upnp_i.h | 3 ++- + 3 files changed, 39 insertions(+), 4 deletions(-) + +Index: wpa_supplicant-2.9/src/wps/wps_er.c +=================================================================== +--- wpa_supplicant-2.9.orig/src/wps/wps_er.c ++++ wpa_supplicant-2.9/src/wps/wps_er.c +@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con + "with %s", filter); + } + if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text, +- er->mac_addr)) { ++ NULL, er->mac_addr)) { + wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " + "for %s. Does it have IP address?", er->ifname); + wps_er_deinit(er, NULL, NULL); +Index: wpa_supplicant-2.9/src/wps/wps_upnp.c +=================================================================== +--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c ++++ wpa_supplicant-2.9/src/wps/wps_upnp.c +@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct + } + + ++static int local_network_addr(struct upnp_wps_device_sm *sm, ++ struct sockaddr_in *addr) ++{ ++ return (addr->sin_addr.s_addr & sm->netmask.s_addr) == ++ (sm->ip_addr & sm->netmask.s_addr); ++} ++ ++ + /* subscr_addr_add_url -- add address(es) for one url to subscription */ + static void subscr_addr_add_url(struct subscription *s, const char *url, + size_t url_len) +@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s + + for (rp = result; rp; rp = rp->ai_next) { + struct subscr_addr *a; ++ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr; + + /* Limit no. of address to avoid denial of service attack */ + if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) { +@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s + break; + } + ++ if (!local_network_addr(s->sm, addr)) { ++ wpa_printf(MSG_INFO, ++ "WPS UPnP: Ignore a delivery URL that points to another network %s", ++ inet_ntoa(addr->sin_addr)); ++ continue; ++ } ++ + a = os_zalloc(sizeof(*a) + alloc_len); + if (a == NULL) + break; +@@ -889,11 +905,12 @@ static int eth_get(const char *device, u + * @net_if: Selected network interface name + * @ip_addr: Buffer for returning IP address in network byte order + * @ip_addr_text: Buffer for returning a pointer to allocated IP address text ++ * @netmask: Buffer for returning netmask or %NULL if not needed + * @mac: Buffer for returning MAC address + * Returns: 0 on success, -1 on failure + */ + int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, +- u8 mac[ETH_ALEN]) ++ struct in_addr *netmask, u8 mac[ETH_ALEN]) + { + struct ifreq req; + int sock = -1; +@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u + in_addr.s_addr = *ip_addr; + os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr)); + ++ if (netmask) { ++ os_memset(&req, 0, sizeof(req)); ++ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); ++ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) { ++ wpa_printf(MSG_ERROR, ++ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)", ++ errno, strerror(errno)); ++ goto fail; ++ } ++ addr = (struct sockaddr_in *) &req.ifr_netmask; ++ netmask->s_addr = addr->sin_addr.s_addr; ++ } ++ + #ifdef __linux__ + os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); + if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) { +@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct + + /* Determine which IP and mac address we're using */ + if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text, +- sm->mac_addr)) { ++ &sm->netmask, sm->mac_addr)) { + wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " + "for %s. Does it have IP address?", net_if); + goto fail; + } ++ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr " ++ MACSTR, ++ sm->ip_addr_text, inet_ntoa(sm->netmask), ++ MAC2STR(sm->mac_addr)); + + /* Listen for incoming TCP connections so that others + * can fetch our "xml files" from us. +Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h +=================================================================== +--- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h ++++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h +@@ -128,6 +128,7 @@ struct upnp_wps_device_sm { + u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */ + char *ip_addr_text; /* IP address of network i.f. we use */ + unsigned ip_addr; /* IP address of network i.f. we use (host order) */ ++ struct in_addr netmask; + int multicast_sd; /* send multicast messages over this socket */ + int ssdp_sd; /* receive discovery UPD packets on socket */ + int ssdp_sd_registered; /* nonzero if we must unregister */ +@@ -158,7 +159,7 @@ struct subscription * subscription_find( + const u8 uuid[UUID_LEN]); + void subscr_addr_delete(struct subscr_addr *a); + int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, +- u8 mac[ETH_ALEN]); ++ struct in_addr *netmask, u8 mac[ETH_ALEN]); + + /* wps_upnp_ssdp.c */ + void msearchreply_state_machine_stop(struct advertisement_state_machine *a); diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch new file mode 100644 index 0000000000..59640859dd --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch @@ -0,0 +1,62 @@ +From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Wed, 3 Jun 2020 22:41:02 +0300 +Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL + path + +More than about 700 character URL ended up overflowing the wpabuf used +for building the event notification and this resulted in the wpabuf +buffer overflow checks terminating the hostapd process. Fix this by +allocating the buffer to be large enough to contain the full URL path. +However, since that around 700 character limit has been the practical +limit for more than ten years, start explicitly enforcing that as the +limit or the callback URLs since any longer ones had not worked before +and there is no need to enable them now either. + +Upstream-Status: Backport +CVE: CVE-2020-12695 patch #2 +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/wps/wps_upnp.c | 9 +++++++-- + src/wps/wps_upnp_event.c | 3 ++- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c +index 7d4b7439940e..ab685d52ecab 100644 +--- a/src/wps/wps_upnp.c ++++ b/src/wps/wps_upnp.c +@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, + int rerr; + size_t host_len, path_len; + +- /* url MUST begin with http: */ +- if (url_len < 7 || os_strncasecmp(url, "http://", 7)) ++ /* URL MUST begin with HTTP scheme. In addition, limit the length of ++ * the URL to 700 characters which is around the limit that was ++ * implicitly enforced for more than 10 years due to a bug in ++ * generating the event messages. */ ++ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) { ++ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL"); + goto fail; ++ } + url += 7; + url_len -= 7; + +diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c +index d7e6edcc6503..08a23612f338 100644 +--- a/src/wps/wps_upnp_event.c ++++ b/src/wps/wps_upnp_event.c +@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e) + struct wpabuf *buf; + char *b; + +- buf = wpabuf_alloc(1000 + wpabuf_len(e->data)); ++ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) + ++ wpabuf_len(e->data)); + if (buf == NULL) + return NULL; + wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path); +-- +2.20.1 diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch new file mode 100644 index 0000000000..8a014ef28a --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch @@ -0,0 +1,50 @@ +From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Thu, 4 Jun 2020 21:24:04 +0300 +Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more + properly + +While it is appropriate to try to retransmit the event to another +callback URL on a failure to initiate the HTTP client connection, there +is no point in trying the exact same operation multiple times in a row. +Replve the event_retry() calls with event_addr_failure() for these cases +to avoid busy loops trying to repeat the same failing operation. + +These potential busy loops would go through eloop callbacks, so the +process is not completely stuck on handling them, but unnecessary CPU +would be used to process the continues retries that will keep failing +for the same reason. + +Upstream-Status: Backport +CVE: CVE-2020-12695 patch #2 +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/wps/wps_upnp_event.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c +index 08a23612f338..c0d9e41d9a38 100644 +--- a/src/wps/wps_upnp_event.c ++++ b/src/wps/wps_upnp_event.c +@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s) + + buf = event_build_message(e); + if (buf == NULL) { +- event_retry(e, 0); ++ event_addr_failure(e); + return -1; + } + +@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s) + event_http_cb, e); + if (e->http_event == NULL) { + wpabuf_free(buf); +- event_retry(e, 0); ++ event_addr_failure(e); + return -1; + } + +-- +2.20.1 diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb index 3e92427bb0..7cc03fef7d 100644 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb @@ -15,7 +15,7 @@ PACKAGECONFIG[openssl] = ",,openssl" inherit pkgconfig systemd -SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" +SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service" SYSTEMD_AUTO_ENABLE = "disable" SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ @@ -25,7 +25,10 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://wpa_supplicant.conf-sane \ file://99_wpa_supplicant \ file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ - file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \ + file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \ + file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \ + file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \ + file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ " SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" @@ -37,13 +40,13 @@ S = "${WORKDIR}/wpa_supplicant-${PV}" PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" -FILES_${PN} += "${datadir}/dbus-1/system-services/*" +FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" do_configure () { ${MAKE} -C wpa_supplicant clean install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config - + if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then ssl=openssl elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then |