diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-09-11 15:41:39 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2023-09-18 14:19:32 +0300 |
| commit | 5082cc7fedfff6c28a1406c79606b09012b134bc (patch) | |
| tree | bc994073c7289536f801a16ca7e20d21c05ad7b6 /poky/meta/recipes-devtools/perl | |
| parent | 2edf0648b7c401072e7183c7f9e0e7c437e5f3f0 (diff) | |
| download | openbmc-5082cc7fedfff6c28a1406c79606b09012b134bc.tar.xz | |
subtree updates openembedded poky
meta-openembedded: 491b7592f4..eff1b182c1:
Alejandro Hernandez Samaniego (1):
emacs: update to 29.1
Archana Polampalli (2):
python3-pyroute2: fix ptest failure
nodejs: upgrade 18.17.0 -> 18.17.1
Bartosz Golaszewski (1):
libgpiod: update to v2.0.2
Beniamin Sandu (3):
unbound: upgrade 1.17.1 -> 1.18.0
mbedtls: upgrade 3.4.0 -> 3.4.1
mbedtls: upgrade 2.28.3 -> 2.28.4
Benjamin Bara (3):
libvpx: fix VPXTARGET for non-neon armv7a
ne10: set incompatible for armv7 without neon
openh264: make neon optional and disable if not supported
Chaitanya Vadrevu (1):
bolt: Add recipe
Chen Qi (2):
spice-protocol: fix populate_sdk error when spice is installed
python3-blivetgui: switch from master to main
Christophe Vu-Brugier (1):
sg3-utils: upgrade 1.47 -> 1.48
Danik (2):
python3-gspread: interface for google spreadsheet
python3-piccata: piccata - a simple CoAP toolkit added
Denys Zagorui (1):
bpftool: add native and nativesdk support
Emil Kronborg Andersen (3):
lcms: add CVE_PRODUCT
snappy: add CVE_PRODUCT
libopus: add CVE_PRODUCT
Enrico Jorns (1):
microcom: add new recipe
Ewa Kujawska (1):
python3-oauth2client_4.1.2.bb: recipe added
Frieder Schrempf (1):
python3-can: Add missing runtime dependencies
Gianfranco Costamagna (1):
dlt-daemon: upgrade 2.18.9 -> 2.18.10 (commit: 0f2d4cfffada6f8448a2cb27995b38eb4271044f)
Joe Slater (1):
python3-inotify: fix tests
Justin Bronder (5):
python3-mypy-extensions: upgrade 0.4.3 -> 1.0.0
python3-types-setuptools: add 68.0.0.3
python3-typed-ast: remove EOL package
python3-types-psutil: add 5.9.5.16
python3-mypy: upgrade 0.971 -> 1.5.0
Kai Kang (1):
libmcrypt: fix multilib conflict
Khem Raj (31):
qad: Fix build with clang
python3-dominate: Fix get_thread_context ptest on musl
perfetto: Add SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
libsdl2-ttf: Define SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
sysdig: Add SRCREV_FORMAT
cockpit: Upgrade to 298 release
librelp: Fix function prototypes in tests
jemalloc: Unbolt clang workaroud
python3-protobuf: Fix build errors seen with clang
mariadb: Fix build with libfmt 10.1+
librelp: Add packageconfigs for TLS implementations
librelp: Fix ptests builds on musl
librelp: Fix ptest installs to work with dash
librelp: Add to meta-oe ptest image
liburing: Upgrade to 2.4 release
rsyslog: Enable openssl transport by default
libio-socket-ssl-perl: Upgrade to 2.083
libfaketime: Fix build with clang
libfaketime: Eanable LFS64 on musl
python3-lz4: Drop using PYTHON_PN
python3-lz4: Add missing rdeps needed for ptests
rsyslog: Skip failing omfile-outchannel test on musl
python3-m2crypto: Append architecture to SWIG_FEATURES instead of overriding
networkmanager: Fix build on musl
network-manager-applet: Fix build with musl/lld linker
networkmanager-openvpn: Fix build with lld on musl
openconnect: Upgrade to 9.12
openconnect: Fix build with GnuTLS v3.8.1
fontforge: Fix build with gettext 0.22
Kirk Hays (1):
jack: Drop dependency on readline
Leon Anavi (2):
aml: add new recipe
neatvnc: add new recipe
Marek Vasut (2):
libiio: Use tagged v0.25
libiio: Rename to versioned recipe filename
Marine Vovard (1):
python3-kivy: Require X11 or Wayland in DISTRO_FEATURES
Mark Hatle (1):
kconfig-frontends: Avoid using hard coded /usr/include paths
Markus Volk (28):
gvfs: update 1.51.1 -> 1.51.90
gnome-themes-extra: fix datadir path
libnice: add graphviz-native dependency
libcanberra: fix api-documentation build
libgweather4: fix api-documentation build
appstream: disable docs
gtksourceview5: fix api-documentation build
libpeas: fix api-documentation build
nautilus: fix api-documentation build
evince: fix api-documentation build
usbids: add recipe
libcacard: add recipe
usbredir: upgrade 0.9.0 -> 0.13.0
spice: upgrade 0.14.2 -> 0.15.2
gnome-remote-desktop: add recipe
libosinfo: add recipe
gnome-boxes: add recipe
pipewire: upgrade 0.3.77 -> 0.3.78
spice-gtk: fix api-documentation build
flatpak: fix api-documentation build
phodav: add recipe
libdecor: update to latest commit
spice-guest-vdagent: add recipe
pipewire: upgrade 0.3.78 -> 0.3.79
spice: add missing dependency on orc
spice-guest-vdagent: add missing dependencies
libosinfo: build vapi only if gobject-introspection is enabled
gnome-boxes: remove dependency on ovmf
Martin Jansa (12):
openh264: fix installed-vs-shared QA issue with multilib
libfaketime: simplify packaging
json-schema-validator: restore 0004-cmake-Use-GNUInstallDirs.patch
phodav: make sure systemd files are packaged correctly
sysbench: avoid -L/usr/lib32 and configure-unsafe QA issue
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
libiio: use main branch instead of master
webkitgtk: explicitly disable JIT for armv7* with softfp
layer.conf: update LAYERSERIES_COMPAT for nanbield
Ming Liu (1):
libusbgx: usbgx.service: use Type=oneshot
Mingli Yu (4):
mariadb: Upgrade to 10.11.5
dialog: Update the SRC_URI
gnulib: Update SRC_URI
thrift: Remove buildpaths
Nicolas Marguet (1):
librelp: add ptest
Parian Golchin (1):
json-schema-validator: Updrade to 2.2.0
Pawel Langowski (1):
qcbor: add recipe
Petr Chernikov (1):
Fix empty 0.0.0-0-g0 jemalloc version by adding --with-version
Petr Gotthard (1):
python3-sdbus: add recipe
Robert Yang (1):
frr: Fix CVE-2023-41358 and CVE-2023-41360
Roger Knecht (1):
python3-schedule: add recipe
Roland Hieber (1):
fbida: update Upstream-Status for submitted patches
Ross Burton (1):
Revert "protobuf: stage protoc binary to sysroot"
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Upgrade 1.20.1 -> 1.20.2
Sourav Kumar Pramanik (1):
meta-oe-components: Avoid usage of nobranch=1
Sourav Pramanik (2):
rapidjson: Avoid usage of nobranch=1
nlohmann-json: Avoid usage of nobranch=1
Stanislav Angelovic (1):
feat: bump sdbus-c++ up to v1.3.0
Sudip Mukherjee (1):
qad: Add initial recipe
Trevor Gamblin (1):
python3-kivy: fix filename
Tymoteusz Burak (2):
ttf-google-fira: add recipe
libfaketime: add recipe
Vincent Davis Jr (1):
cglm: upgrade v0.8.9 -> v0.9.1
Wang Mingyu (108):
libcloudproviders: upgrade 0.3.1 -> 0.3.2
chrony: upgrade 4.3 -> 4.4
networkmanager: upgrade 1.42.8 -> 1.44.0
weechat: upgrade 4.0.2 -> 4.0.3
ctags: upgrade 6.0.20230730.0 -> 6.0.20230813.0
fmt: upgrade 10.0.0 -> 10.1.0
gensio: upgrade 2.6.7 -> 2.7.2
googletest: upgrade 1.13.0 -> 1.14.0
lvgl: upgrade 8.3.8 -> 8.3.9
postgresql: upgrade 15.3 -> 15.4
smartmontools: upgrade 7.3 -> 7.4
xdg-dbus-proxy: upgrade 0.1.4 -> 0.1.5
yaml-cpp: upgrade 0.7.0 -> 0.8.0
libtest-harness-perl: upgrade 3.44 -> 3.47
python3-alembic: upgrade 1.11.1 -> 1.11.2
python3-async-timeout: upgrade 4.0.2 -> 4.0.3
python3-bitarray: upgrade 2.8.0 -> 2.8.1
python3-cmake: upgrade 3.27.0 -> 3.27.2
python3-coverage: upgrade 7.2.7 -> 7.3.0
python3-dnspython: upgrade 2.4.1 -> 2.4.2
python3-google-api-python-client: upgrade 2.95.0 -> 2.96.0
python3-googleapis-common-protos: upgrade 1.59.1 -> 1.60.0
python3-joblib: upgrade 1.3.1 -> 1.3.2
python3-luma-oled: upgrade 3.12.0 -> 3.13.0
python3-platformdirs: upgrade 3.9.1 -> 3.10.0
python3-pycodestyle: upgrade 2.10.0 -> 2.11.0
python3-pyflakes: upgrade 3.0.1 -> 3.1.0
python3-pymisp: upgrade 2.4.173 -> 2.4.174
python3-rdflib: upgrade 6.3.2 -> 7.0.0
python3-regex: upgrade 2023.6.3 -> 2023.8.8
python3-rich: upgrade 13.4.2 -> 13.5.2
python3-sh: upgrade 2.0.4 -> 2.0.6
python3-tox: upgrade 4.6.4 -> 4.8.0
python3-tqdm: upgrade 4.65.0 -> 4.66.1
python3-uefi-firmware: upgrade 1.10 -> 1.11
python3-virtualenv: upgrade 20.24.2 -> 20.24.3
python3-web3: upgrade 6.7.0 -> 6.8.0
python3-yamlloader: upgrade 1.2.2 -> 1.3.2
python3-zeroconf: upgrade 0.71.4 -> 0.76.0
python3-protobuf: upgrade 4.23.4 -> 4.24.0
ctags: upgrade 6.0.20230813.0 -> 6.0.20230820.0
debootstrap: upgrade 1.0.128 -> 1.0.131
gensio: upgrade 2.7.2 -> 2.7.4
gnome-bluetooth: upgrade 42.5 -> 42.6
nginx: upgrade 1.25.1 -> 1.25.2
geary: update 44.0 -> 44.1
php: upgrade 8.2.8 -> 8.2.9
python3-redis: upgrade 4.6.0 -> 5.0.0
python3-alembic: upgrade 1.11.2 -> 1.11.3
python3-awesomeversion: upgrade 23.5.0 -> 23.8.0
python3-bitstring: upgrade 4.0.2 -> 4.1.0
python3-click: upgrade 8.1.6 -> 8.1.7
python3-engineio: upgrade 4.5.1 -> 4.6.0
python3-google-api-python-client: upgrade 2.96.0 -> 2.97.0
python3-humanize: upgrade 4.7.0 -> 4.8.0
python3-mypy: upgrade 1.5.0 -> 1.5.1
python3-oauth2client: upgrade 4.1.2 -> 4.1.3
python3-protobuf: upgrade 4.24.0 -> 4.24.1
python3-pycocotools: upgrade 2.0.6 -> 2.0.7
python3-pymetno: upgrade 0.10.0 -> 0.11.0
python3-pymongo: upgrade 4.4.1 -> 4.5.0
python3-pywbem: upgrade 1.6.1 -> 1.6.2
python3-sqlalchemy: upgrade 2.0.19 -> 2.0.20
python3-tox: upgrade 4.8.0 -> 4.10.0
python3-typeguard: upgrade 4.1.0 -> 4.1.2
python3-types-setuptools: upgrade 68.0.0.3 -> 68.1.0.0
python3-zeroconf: upgrade 0.76.0 -> 0.82.1
redis: upgrade 7.0.12 -> 7.2.0
weechat: upgrade 4.0.3 -> 4.0.4
traceroute: upgrade 2.1.2 -> 2.1.3
wireshark: upgrade 4.0.7 -> 4.0.8
adw-gtk3: upgrade 4.8 -> 4.9
ctags: upgrade 6.0.20230820.0 -> 6.0.20230827.0
debootstrap: upgrade 1.0.131 -> 1.0.132
dialog: upgrade 1.3-20210509 -> 1.3-20230209
fmt: upgrade 10.1.0 -> 10.1.1
gensio: upgrade 2.7.4 -> 2.7.5
iwd: upgrade 2.7 -> 2.8
libgphoto2: upgrade 2.5.30 -> 2.5.31
libzip: upgrade 1.10.0 -> 1.10.1
logwatch: upgrade 7.8 -> 7.9
thrift: upgrade 0.18.1 -> 0.19.0
libnet-dns-perl: upgrade 1.39 -> 1.40
python3-alembic: upgrade 1.11.3 -> 1.12.0
python3-argh: upgrade 0.28.1 -> 0.29.3
python3-asttokens: upgrade 2.2.1 -> 2.4.0
python3-bitstring: upgrade 4.1.0 -> 4.1.1
python3-cmake: upgrade 3.27.2 -> 3.27.4.1
python3-diskcache: upgrade 5.6.1 -> 5.6.3
python3-engineio: upgrade 4.6.0 -> 4.7.0
python3-imageio: upgrade 2.31.1 -> 2.31.3
python3-ipython: upgrade 8.14.0 -> 8.15.0
python3-kiwisolver: upgrade 1.4.4 -> 1.4.5
python3-langtable: upgrade 0.0.62 -> 0.0.63
python3-luma-core: upgrade 2.4.0 -> 2.4.1
python3-protobuf: upgrade 4.24.1 -> 4.24.2
python3-pymisp: upgrade 2.4.174 -> 2.4.175
python3-pymodbus: upgrade 3.4.1 -> 3.5.0
python3-smbus2: upgrade 0.4.2 -> 0.4.3
python3-snagboot: upgrade 1.1 -> 1.2
python3-socketio: upgrade 5.8.0 -> 5.9.0
python3-soupsieve: upgrade 2.4.1 -> 2.5
python3-tox: upgrade 4.10.0 -> 4.11.1
python3-typeguard: upgrade 4.1.2 -> 4.1.3
python3-types-setuptools: upgrade 68.1.0.0 -> 68.1.0.1
python3-virtualenv: upgrade 20.24.3 -> 20.24.4
python3-web3: upgrade 6.8.0 -> 6.9.0
python3-zeroconf: upgrade 0.82.1 -> 0.97.0
Willy Tu (1):
abseil-cpp: upgrade 20230125.3 -> 20230802.0
Yi Zhao (7):
nftables: upgrade 1.0.7 -> 1.0.8
libssh: upgrade 0.10.4 -> 0.10.5
samba: upgrade 4.18.5 -> 4.18.6
libyang: upgrade 2.1.55 -> 2.1.111
frr: Security fix CVE-2023-3748
vsomeip: add recipe
ntp: add missing runtime dependencies
Yogita Urade (2):
poppler: fix CVE-2023-34872
hwloc: fix CVE-2022-47022
Βούλγαρη Αικατερίνη (1):
collectd: build with rrdcached plugin
poky: 71282bbc53..61531cd395:
Adrian Freihofer (2):
cmake.bbclass: cleanup spaces and tabs
cmake.bbclass: refactor cmake args
Alberto Planas (1):
bitbake.conf: add bunzip2 in HOSTTOOLS
Alexander Kanavin (18):
lib/oe/recipeutils.py: accommodate SRCPV being optional and deprecated in version check regex
python3-sphinx: correct version check
systemd-bootchart: musl fixes have been rejected upstream
openssl: build and install manpages only if they are enabled
gettext: upgrade 0.21.1 -> 0.22
connman: update 1.41 -> 1.42
libcgroup: update 3.0.0 -> 3.1.0
perlcross: update 1.4.1 -> 1.5
perl: update 5.36.1 -> 5.38.0
groff: update 1.22.4 -> 1.23.0
libglu: update 9.0.2 -> 9.0.3
libpthread-stubs: update 0.4 -> 0.5
gpgme: upgrade 1.20.0 -> 1.22.0
libgudev: upgrade 237 -> 238
gnupg: upgrade 2.4.2 -> 2.4.3
gnutls: update 3.8.0 -> 3.8.1
runqemu: check permissions of available render nodes as well as their presence
build-sysroots: target or native sysroot population need to be selected explicitly
Alexis Lothoré (7):
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest: introduce gitarchive tests
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest/gitarchive: add tests about tags lisiting when no remote is configured
oeqa/utils/gitarchive: allow to pass a logger to get_tags
oeqa/utils/gitarchive: fall back to local tags when listing existing tags
oeqa/utils/gitarchive: replace warning with info when reading local tags
Angelo Ribeiro (1):
ccache.bbclass: Add allowed list for native recipes
Anuj Mittal (3):
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
harfbuzz: upgrade 8.0.1 -> 8.1.1
stress-ng: upgrade 0.15.08 -> 0.16.04
Archana Polampalli (1):
vim: upgrade 9.0.1592 -> 9.0.1664
Benjamin Bara (6):
rust-target-config: fix target_features for vfpv3d16
README: fix mail address in git example command
pixman: avoid neon on unsupported machines
nettle: avoid neon on unsupported machines
ffmpeg: avoid neon on unsupported machines
ghostscript: avoid neon on unsupported machines
Bruce Ashfield (19):
conf/machine: set preferred kernel to be 6.4
poky/poky-tiny: set preferred linux-yocto version to 6.4
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.4: update to v6.4.10
linux-yocto/6.1: update to v6.1.45
kern-tools: include utility to post process config diffs
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: update to v6.4.11
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
linux-yocto/6.4: fix IRQ-80 warnings
linux-yocto/6.4: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.1: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.4: update to v6.4.12
linux-yocto/6.1: update to v6.1.50
linux-yocto/6.4: update to v6.4.13
linux-yocto/6.4: update to v6.4.14
linux-yocto/6.1: update to v6.1.51
Changqing Li (1):
sqlite3: set CVE_STATUS for CVE-2023-36191
Chen Qi (6):
bitbake: runqueue.py: fix PSI check logic
cmake: drop OE specific environment variable support
cmake.bbclass: fix allarch override syntax
uninative.bbclass: sync to use UNINATIVE_STAGING_DIR
stress-ng: disable DEBUG_BUILD
oe-depends-dot: improve '-w' behavior
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
David Reyna (3):
bitbake: toaster: Update to Django 4.2
bitbake: toaster: import only used layers
bitbake: toaster: accommodate missing 'Image Name' value in buildinfohelper
Dmitry Baryshkov (4):
mdadm: disable strace on rv32 arch
linux-firmware: upgrade 20230625 -> 20230804
linux-firmware: package audio topology for Lenovo X13s
linux-firmware: package Dragonboard 845c sensors DSP firmware
Eilís 'pidge' Ní Fhlannagáin (1):
nativesdk-intercept: Fix bad intercept chgrp/chown logic
Emil Ekmečić (2):
bitbake: fetch2: add Google Cloud Platform (GCP) fetcher
Add GCP fetcher to list of supported protocols
Emil Kronborg Andersen (2):
dbus: add additional entries to CVE_PRODUCT
libxkbcommon: add CVE_PRODUCT
Etienne Cordonnier (2):
vim: update obsolete comment
migration-guides: system-conf -> systemd-conf
Frederic Martinsons (5):
rust: add cargo-c native recipe
classes-recipe: add cargo_c.bbclass
rust: provide examples for C library generation in rust
oeqa/runtime/rust: correct rust test
ref-manual: classes.rst: suppress rust-hello-world reference, add ptest-cargo class
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jasper Orschulko (1):
cve_check: Fix cpe_id generation
Joe Slater (1):
file: fix call to localtime_r()
Jon Mason (1):
linux-yocto-dev: correct qemuarmv5 device tree location
Jose Quaresma (3):
systemd: fix efi dependency
systemd-boot: remove old gummiboot TUNE_CCARGS
pybootchartgui: also match do_compile and do_configure subtasks
Joshua Watt (9):
bitbake: bblayers/query: Add multiconfig support to `show-appends`
bitbake: cooker: Fix error message
bitbake: lib/bb: Add xattr and acl libraries
buildtools-tarball: Add libacl
classes/image_types: Add vfat image type
bitbake: fetch2: git: Check if clone directory is a git repo
wic: Add gpt-hybrid partition layout
bitbake: fetch2: git: Remove useless try..else clause
Add libacl to required packages
Julien Stephan (4):
less: upgrade 633 -> 643
less: add ptest support
patch.py: use --absolute-git-dir instead of --show-toplevel to retrieve gitdir
vulkan-samples: convert debugfix.patch to git format patch
Kai Kang (1):
webkitgtk: fix build failure with DEBUG_BUILD enabled
Khem Raj (22):
gnu-efi: Fix build on musl
systemd-boot: Fix build on musl
glibc: Upgrade to 2.38 release
glibc: Enable fortify sources by defaults
glibc: Drop --enable-tunables
glibc: Fix SVE detection on aarch64
glibc-tests: Add missing libgcc runtime dependency
kernel.bbclass: Use KERNEL_STRIP instead of STRIP
build-sysroots: Add SUMMARY field
tunes: Add support for sve instructions on armv8/armv9
arch-armv8,arch-armv9: Add sve based tune options
python3: Increase default thread stack size on musl
inetutils: Fix CVE-2023-40303
inetutils: Apply devtool formatting suggestions
qemu: Fix CVE-2023-40360
core-image-ptest: Define a fallback for SUMMARY field
dos2unix: upgrade 7.5.0 -> 7.5.1
python3: Fix ptests on musl
tcl: Add a way to skip ptests
rust-target-config: Map rust target to OE target
libc-test: Depend on musl-staticdev
apr: Fix ptests on musl
Lee Chee Yang (2):
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
Lei Maohui (1):
glibc-package: Fix conflict error when enable multilib.
Luan Rafael Carneiro (2):
weston: Upgrade version 12.0.1 -> 12.0.2
weston: Add sysconfdir to FILES:${PN}
Luca Ceresoli (1):
Revert "oeqa/runtime/parselogs: Exclude preempt-rt error for now"
Markus Niebel (2):
wic: fix wrong attempt to create file system in upartitioned regions
oeqa: wic: Add test for --no-table option
Markus Volk (8):
gtk4: upgrade 4.10.4 -> 4.10.5
libadwaita: upgrade 1.3.3 -> 1.3.4
gtk4: upgrade 4.10.5 -> 4.12.0
qemu: fix libudev packageconfig for systemd images
qemu: build pulseaudio support depending on distro_feature
qemu: add packageconfigs for fuse and dbus-display
gtk4: upgrade 4.12.0 -> 4.12.1
mesa: add intel raytracing support to opencl build
Martin Jansa (6):
tcl: prevent installing another copy of tzdata
cross-localedef-native: fix build on hosts with older glibc
bitbake: runqueue: show more pressure data
Makefile: remove from top-level directory
bitbake: runqueue: show number of currently running bitbake threads when pressure changes
webkitgtk: explicitly disable JIT for armv7* with softfp
Michael Halstead (2):
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (26):
scripts/create-pull-request: update URLs to git repositories
manuals: create a dedicated "Contributor Guide" document
ref-manual: classes.rst: fix location of _ref-classes-ccache
ref-manual: update supported distro versions
contributor-guide: add missing links to mailing lists
contributor-guide: add section about why we use mailing lists
contributor-guide: add recipe style guide
ref-manual: remove AUTHOR variable
contributor guide: call section "Reporting a defect"
contributor-guide: remove obsolete pkg-config guidelines
contributor guide: remove unnecessary information about mailing lists
contributor-guide: clarification about patchtest
contributor guide: update instructions for making and sharing changes
dev-manual: disk-space: mention faster "find" command to trim sstate cache
contributor-guide: move to 2nd place in top menu
contributor-guide: submit-changes: simplify note
contributor-guide: identify component: provide link to repositories
contributor-guide: submit-changes: detail commit and patch creation
contributor-guide: submit-changes: develop sending patches section
manuals: README: update list of manuals
contributor-guide: submit-changes: reorganize and develop sections
contributor-guide: submit-changes: improvements to mailing lists section
contributor-guide: submit-changes: commit guidelines for recipes
contributor-guide: submit-changes: how to request push access to repositories
README: update/fix contribution guidelines
bitbake: doc: bitbake-user-manual: remove reference to SSTATE_MIRRORS variable
Mikko Rapeli (4):
openssh: capture ptest regression test failure logs
oeqa selftest context.py: whitespace fix
oeqa selftest context.py: remove warning from missing meta-selftest
oeqa selftest context.py: fix git commands and set branch name
Mingli Yu (2):
qemu: Add qemu-common package
webkitgtk: Add opengl to REQUIRED_DISTRO_FEATURES
Narpat Mali (1):
ffmpeg: add CVE_STATUS for CVE-2023-39018
Otavio Salvador (2):
weston-init: remove misleading comment about udev rule
weston-init: fix init code indentation
Ovidiu Panait (1):
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Paulo Neves (1):
bitbake: siggen.py: Improve taskhash reproducibility
Peter Kjellerstedt (3):
bin_package.bbclass: Inhibit the default dependencies
insane.bbclass: Remove an unused variable
poky.conf: Switch to post release name/version
Peter Marko (2):
openssl: Upgrade 3.1.1 -> 3.1.2
gcc-runtime: remove bashism
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Randolph Sapp (1):
bitbake: gitsm: tolerate git-lfs in submodules
Richard Purdie (39):
bitbake: siggen: Fix indentation
bitbake: siggen: Update debug
resulttool/report: Avoid divide by zero
gcc-testsuite: Fix qemu binary filtering code logic error
gcc-testsuite: Set qemu options for mips correctly
mips/tune-mips64r2: Set qemu cpu option correctly
binutils-cross-testsuite: Pass TUNE_LDARGS to tests
arch-mips: Ensure TUNE_LDARGS is set correctly
gcc: Add patch to improve testsuite failures, particularly mips
oeqa/runtime/parselogs: Exclude preempt-rt error for now
qemu: Upgrade 8.0.3 -> 8.0.4
lib/package_manager: Improve repo artefact filtering
Revert "oeqa/utils/gitarchive: fix tag computation when creating archive"
lttng-modules: Upgrade 2.13.9 -> 2.13.10
lttng-tools: Upgrade 2.13.9 -> 2.13.10
pseudo: Fix to work with glibc 2.38
binutils: Add missing DEPENDS on pod2man
build-sysroots: Ensure dependency chains are minimal
bitbake: fetch2: Add new srcrev fetcher API
base/package: Move source revision information from PV to PKGV
recipes/classes/scripts: Drop SRCPV usage in OE-Core
glibc: Add glibc 2.38 stable updates
README: Update to point to new contributor guide
bitbake: README: Update to point to new contributor guide
bitbake: command: Avoid time intensive distractions for ping
README: Clarify/standardise contributions process
python3-numpy: Attempt to fix reproducibility issue
bitbake: doc: Document challenges of tags with git fetcher
bitbake: server/process: Add more timing debug
qemu: Upgrade 8.0.4 -> 8.1.0
qemu: Add patches to resolve x86 and then mips boot issues
mdadm: Disable further tests due to intermittent failures
Revert "oeqa selftest context.py: fix git commands and set branch name"
classes: Drop ';' delimiter from ROOTFS/IMAGE*COMMAND variables
build-appliance-image: Update to master head revision
layer.conf: Update to nanbield release series
bitbake: bitbake: Update to 2.6.0 release series/version
layer.conf: Update to nanbield release series
build-appliance-image: Update to master head revision
Ross Burton (47):
connman-conf: don't take over any ethernet devices, not just eth0
meson.bbclass: add MESON_TARGET
meson.bbclass:: update do_write_config vardeps
systemd-boot: use MESON_TARGET
systemd-boot: improve cross file generation
p11-kit: fix build without qemu-usermode
gi-docgen: depend on qemu-usermode MACHINE_FEATURES
python3-pygobject: add explicit check for qemu-usermode MACHINE_FEATURE
graphene: fix runtime detection of IEEE754 behaviour
python3: ignore disputed CVE-2023-36632
procps: backport fix for CVE-2023-4016
linux/generate-cve-exclusions.py: fix comparison
linux/cve-exclusions: update CVE_STATUS exclusions
perf: enable verbose feature detection
perf: add more PACKAGECONFIGs
perf: fix perl binding support
perf: split scripting PACKAGECONFIG into perl and python
perf: disable perl support
libtraceevent: build with Meson
linux/generate-cve-exclusions: add version check warning
linux-yocto: update CVE exclusions files
site: remove at-spi2-core values
inetutils: don't guess target paths
inetutils: remove obsolete patches
inetutils: remove obsolete cruft from do_configure
glib-networking: enable build with GnuTLS if PKCS#11 was disabled
glib-networking: use gnutls backend for TLS sockets
cve-extra-exclusions: remove historic kernel CVEs which are handled now
cve-extra-exclusions: remove BlueZ issues
linux-yocto: update kernel CVE status
linux: review some historic CVE_STATUS
glib-2.0: explicitly enable strlcpy()
scripts/oe-find-native-sysroot: use bitbake-getvar
qemu-system-native: enable PNG support
python3-build: upgrade to 1.0.0
glib-2.0: libelf has a configure option now, specify it
harfbuzz: update PACKAGECONFIG
pango: explictly enable/disable libthai
libsoup-2.4: update PACKAGECONFIG
libsoup: update PACKAGECONFIG
wayland-utils: add libdrm PACKAGECONFIG
cve-exclusion: review the last of the historical kernel CVEs
busybox: remove coreutils dependency in busybox-ptest
libgudev: explicitly disable tests and vapi
linux: update CVE exclusions
python3-build: upgrade to 1.0.3
avahi: handle invalid service types gracefully
Ryan Eatmon (1):
kernel.bbclass: Add force flag to rm calls
Samantha Jalabert (1):
bitbake: Fix disk space monitoring on cephfs
Stéphane Veyret (1):
nfs-utils: Add needed library to client
Sudip Mukherjee (4):
kea: upgrade to v2.4.0
cmake: upgrade to v3.27.4
dpkg: upgrade to v1.22.0
openssh: upgrade to v9.4p1
Tom Hochstein (1):
linux-firmware: add firmware files for NXP BT chipsets
Trevor Gamblin (16):
python3-hypothesis: upgrade 6.82.0 -> 6.82.5
python3-more-itertools: upgrade 10.0.0 -> 10.1.0
python3-pygments: upgrade 2.15.1 -> 2.16.1
python3-wheel: upgrade 0.41.0 -> 0.41.1
maintainers.inc: Add self for unmaintained Python recipes
oe-buildenv-internal: update required Python version
python3-dbusmock: upgrade 0.29.0 -> 0.29.1
python3-numpy: upgrade 1.25.1 -> 1.25.2
python3-trove-classfiers: upgrade 2023.7.6 -> 2023.8.7
python3-setuptools: upgrade 68.0.0 -> 68.1.0
python3-dtc: upgrade 1.6.1 -> 1.7.0
python3-poetry: upgrade 1.6.1 -> 1.7.0
python3-git: upgrade 3.1.32 -> 3.1.34
python3-hypothesis: upgrade 6.82.7 -> 6.84.0
python3-pytest: upgrade 7.4.0 -> 7.4.1
python3-sphinx: upgrade 7.1.1 -> 7.2.5
Ulrich Ölmann (1):
weston: fix comment
Wang Mingyu (47):
btrfs-tools: upgrade 6.3.1 -> 6.3.3
curl: upgrade 8.2.0 -> 8.2.1
file: upgrade 5.44 -> 5.45
gmp: upgrade 6.2.1 -> 6.3.0
xxhash: upgrade 0.8.1 -> 0.8.2
python3-editables: upgrade 0.4 -> 0.5
python3-markdown: upgrade 3.4.3 -> 3.4.4
python3-pathspec: upgrade 0.11.1 -> 0.11.2
python3-pip: upgrade 23.2 -> 23.2.1
python3-pyparsing: upgrade 3.1.0 -> 3.1.1
re2c: upgrade 3.0 -> 3.1
shaderc: upgrade 2023.4 -> 2023.5
sudo: upgrade 1.9.14p2 -> 1.9.14p3
libarchive: upgrade 3.6.2 -> 3.7.1
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
bluez5: upgrade 5.68 -> 5.69
ell: upgrade 0.57 -> 0.58
git: upgrade 2.41.0 -> 2.42.0
kbd: upgrade 2.6.1 -> 2.6.2
libconvert-asn1-perl: upgrade 0.33 -> 0.34
libdrm: upgrade 2.4.115 -> 2.4.116
libedit: upgrade 20221030-3.1 -> 20230828-3.1
libgit2: upgrade 1.7.0 -> 1.7.1
librepo: upgrade 1.15.1 -> 1.15.2
libsecret: upgrade 0.20.5 -> 0.21.0
libsndfile1: upgrade 1.2.0 -> 1.2.2
libxml2: upgrade 2.11.4 -> 2.11.5
mc: upgrade 4.8.29 -> 4.8.30
mpfr: upgrade 4.2.0 -> 4.2.1
neard: upgrade 0.18 -> 0.19
python3: upgrade 3.11.4 -> 3.11.5
pango: upgrade 1.50.14 -> 1.51.0
pigz: upgrade 2.7 -> 2.8
pkgconf: upgrade 1.9.5 -> 2.0.2
python3-setuptools: upgrade 68.1.0 -> 68.1.2
repo: upgrade 2.35 -> 2.36.1
shaderc: upgrade 2023.5 -> 2023.6
sqlite3: upgrade 3.42.0 -> 3.43.0
sysklogd: upgrade 2.5.0 -> 2.5.2
xz: upgrade 5.4.3 -> 5.4.4
zlib: upgrade 1.2.13 -> 1.3
python3-hypothesis: upgrade 6.82.5 -> 6.82.7
python3-pluggy: upgrade 1.2.0 -> 1.3.0
python3-sphinx-rtd-theme: upgrade 1.2.2 -> 1.3.0
python3-wheel: upgrade 0.41.1 -> 0.41.2
librepo: upgrade 1.15.2 -> 1.16.0
Yang Xu (1):
meson: don't fail if no .pyc exists
Yi Zhao (2):
dhcpcd: upgrade 10.0.1 -> 10.0.2
dhcpcd: fix buffer overflow
Yoann Congal (1):
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (1):
dropbear: fix CVE-2023-36328
Yuta Hayama (3):
linux/generate-cve-exclusions: print the generated time in UTC
linux/generate-cve-exclusions: fix mishandling of boundary values
linux-yocto: correct the wording in CVE_STATUS
Zang Ruochen (6):
tcf-agent: Disable non-building features on loongarch64
gcc-sanitizers: Add loongarch as a compatible architecture.
goarch.bbclass: Add loongarch64 to go_map_arch
qemuloongarch.inc:Change to use virtio-serial-pci
kernel-devsrc: Fixed missing loongarch64 kernel source code when test_kernelmodules
gcc: Fresh 0003-64-bit-multilib-hack.patch to add loongarch64 support
Change-Id: I4d4752539711b34471002dd1817bb7c14a590675
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-devtools/perl')
| -rw-r--r-- | poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch | 29 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch | 217 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch | 36 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/perl/files/perl-configpm-switch.patch | 66 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/perl/perl_5.38.0.bb (renamed from poky/meta/recipes-devtools/perl/perl_5.36.1.bb) | 13 |
5 files changed, 39 insertions, 322 deletions
diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch deleted file mode 100644 index 9a9117c53a..0000000000 --- a/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch +++ /dev/null @@ -1,29 +0,0 @@ -From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001 -From: Stig Palmquist <git@stig.io> -Date: Tue, 28 Feb 2023 11:54:06 +0100 -Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server - identity - -CVE: CVE-2023-31484 - -Upstream-Status: Backport [https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0] - -Signed-off-by: Soumya <soumya.sambu@windriver.com> ---- - cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm -index 4fc792c..a616fee 100644 ---- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm -+++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm -@@ -32,6 +32,7 @@ sub mirror { - - my $want_proxy = $self->_want_proxy($uri); - my $http = HTTP::Tiny->new( -+ verify_SSL => 1, - $want_proxy ? (proxy => $self->{proxy}) : () - ); - --- -2.40.0 diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch deleted file mode 100644 index 0531e1f099..0000000000 --- a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch +++ /dev/null @@ -1,217 +0,0 @@ -From 77f557ef84698efeb6eed04e4a9704eaf85b741d -From: Stig Palmquist <git@stig.io> -Date: Mon Jun 5 16:46:22 2023 +0200 -Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable - insecure default - -- Changes the `verify_SSL` default parameter from `0` to `1` - - Based on patch by Dominic Hargreaves: - https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92 - - CVE: CVE-2023-31486 - -- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that - enables the previous insecure default behaviour if set to `1`. - - This provides a workaround for users who encounter problems with the - new `verify_SSL` default. - - Example to disable certificate checks: - ``` - $ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl - ``` - -- Updates to documentation: - - Describe changing the verify_SSL value - - Describe the escape-hatch environment variable - - Remove rationale for not enabling verify_SSL - - Add missing certificate search paths - - Replace "SSL" with "TLS/SSL" where appropriate - - Use "machine-in-the-middle" instead of "man-in-the-middle" - -Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d] - -Signed-off-by: Soumya <soumya.sambu@windriver.com> ---- - cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++++++++++++++++++++++----------- - 1 file changed, 57 insertions(+), 29 deletions(-) - -diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm -index 83ca06d..ebc34a1 100644 ---- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm -+++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm -@@ -40,10 +40,14 @@ sub _croak { require Carp; Carp::croak(@_) } - #pod * C<timeout> — Request timeout in seconds (default is 60) If a socket open, - #pod read or write takes longer than the timeout, the request response status code - #pod will be 599. --#pod * C<verify_SSL> — A boolean that indicates whether to validate the SSL --#pod certificate of an C<https> — connection (default is false) -+#pod * C<verify_SSL> — A boolean that indicates whether to validate the TLS/SSL -+#pod certificate of an C<https> — connection (default is true). Changed from false -+#pod to true in version 0.083. - #pod * C<SSL_options> — A hashref of C<SSL_*> — options to pass through to - #pod L<IO::Socket::SSL> -+#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default -+#pod certificate verification behavior to not check server identity if set to 1. -+#pod Only effective if C<verify_SSL> is not set. Added in version 0.083. - #pod - #pod An accessor/mutator method exists for each attribute. - #pod -@@ -111,11 +115,17 @@ sub timeout { - sub new { - my($class, %args) = @_; - -+ # Support lower case verify_ssl argument, but only if verify_SSL is not -+ # true. -+ if ( exists $args{verify_ssl} ) { -+ $args{verify_SSL} ||= $args{verify_ssl}; -+ } -+ - my $self = { - max_redirect => 5, - timeout => defined $args{timeout} ? $args{timeout} : 60, - keep_alive => 1, -- verify_SSL => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default -+ verify_SSL => defined $args{verify_SSL} ? $args{verify_SSL} : _verify_SSL_default(), - no_proxy => $ENV{no_proxy}, - }; - -@@ -134,6 +144,13 @@ sub new { - return $self; - } - -+sub _verify_SSL_default { -+ my ($self) = @_; -+ # Check if insecure default certificate verification behaviour has been -+ # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 -+ return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; -+} -+ - sub _set_proxies { - my ($self) = @_; - -@@ -1055,7 +1072,7 @@ sub new { - timeout => 60, - max_line_size => 16384, - max_header_lines => 64, -- verify_SSL => 0, -+ verify_SSL => HTTP::Tiny::_verify_SSL_default(), - SSL_options => {}, - %args - }, $class; -@@ -2043,11 +2060,11 @@ proxy - timeout - verify_SSL - --=head1 SSL SUPPORT -+=head1 TLS/SSL SUPPORT - - Direct C<https> connections are supported only if L<IO::Socket::SSL> 1.56 or - greater and L<Net::SSLeay> 1.49 or greater are installed. An error will occur --if new enough versions of these modules are not installed or if the SSL -+if new enough versions of these modules are not installed or if the TLS - encryption fails. You can also use C<HTTP::Tiny::can_ssl()> utility function - that returns boolean to see if the required modules are installed. - -@@ -2055,7 +2072,7 @@ An C<https> connection may be made via an C<http> proxy that supports the CONNEC - command (i.e. RFC 2817). You may not proxy C<https> via a proxy that itself - requires C<https> to communicate. - --SSL provides two distinct capabilities: -+TLS/SSL provides two distinct capabilities: - - =over 4 - -@@ -2069,24 +2086,17 @@ Verification of server identity - - =back - --B<By default, HTTP::Tiny does not verify server identity>. -- --Server identity verification is controversial and potentially tricky because it --depends on a (usually paid) third-party Certificate Authority (CA) trust model --to validate a certificate as legitimate. This discriminates against servers --with self-signed certificates or certificates signed by free, community-driven --CA's such as L<CAcert.org|http://cacert.org>. -+B<By default, HTTP::Tiny verifies server identity>. - --By default, HTTP::Tiny does not make any assumptions about your trust model, --threat level or risk tolerance. It just aims to give you an encrypted channel --when you need one. -+This was changed in version 0.083 due to security concerns. The previous default -+behavior can be enabled by setting C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> -+to 1. - --Setting the C<verify_SSL> attribute to a true value will make HTTP::Tiny verify --that an SSL connection has a valid SSL certificate corresponding to the host --name of the connection and that the SSL certificate has been verified by a CA. --Assuming you trust the CA, this will protect against a L<man-in-the-middle --attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>. If you are --concerned about security, you should enable this option. -+Verification is done by checking that that the TLS/SSL connection has a valid -+certificate corresponding to the host name of the connection and that the -+certificate has been verified by a CA. Assuming you trust the CA, this will -+protect against L<machine-in-the-middle -+attacks|http://en.wikipedia.org/wiki/Machine-in-the-middle_attack>. - - Certificate verification requires a file containing trusted CA certificates. - -@@ -2094,9 +2104,7 @@ If the environment variable C<SSL_CERT_FILE> is present, HTTP::Tiny - will try to find a CA certificate file in that location. - - If the L<Mozilla::CA> module is installed, HTTP::Tiny will use the CA file --included with it as a source of trusted CA's. (This means you trust Mozilla, --the author of Mozilla::CA, the CPAN mirror where you got Mozilla::CA, the --toolchain used to install it, and your operating system security, right?) -+included with it as a source of trusted CA's. - - If that module is not available, then HTTP::Tiny will search several - system-specific default locations for a CA certificate file: -@@ -2115,13 +2123,33 @@ system-specific default locations for a CA certificate file: - - /etc/ssl/ca-bundle.pem - -+=item * -+ -+/etc/openssl/certs/ca-certificates.crt -+ -+=item * -+ -+/etc/ssl/cert.pem -+ -+=item * -+ -+/usr/local/share/certs/ca-root-nss.crt -+ -+=item * -+ -+/etc/pki/tls/cacert.pem -+ -+=item * -+ -+/etc/certs/ca-certificates.crt -+ - =back - - An error will be occur if C<verify_SSL> is true and no CA certificate file - is available. - --If you desire complete control over SSL connections, the C<SSL_options> attribute --lets you provide a hash reference that will be passed through to -+If you desire complete control over TLS/SSL connections, the C<SSL_options> -+attribute lets you provide a hash reference that will be passed through to - C<IO::Socket::SSL::start_SSL()>, overriding any options set by HTTP::Tiny. For - example, to provide your own trusted CA file: - -@@ -2131,7 +2159,7 @@ example, to provide your own trusted CA file: - - The C<SSL_options> attribute could also be used for such things as providing a - client certificate for authentication to a server or controlling the choice of --cipher used for the SSL connection. See L<IO::Socket::SSL> documentation for -+cipher used for the TLS/SSL connection. See L<IO::Socket::SSL> documentation for - details. - - =head1 PROXY SUPPORT --- -2.40.0 diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch deleted file mode 100644 index 45452be389..0000000000 --- a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch +++ /dev/null @@ -1,36 +0,0 @@ -From a22785783b17cbaa28afaee4a024d81a1903701d -From: Stig Palmquist <git@stig.io> -Date: Sun Jun 18 11:36:05 2023 +0200 -Subject: [PATCH] Fix incorrect env var name for verify_SSL default - -The variable to override the verify_SSL default differed slightly in the -documentation from what was checked for in the code. - -This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` -as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was -missing `SSL_` - -CVE: CVE-2023-31486 - -Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d] - -Signed-off-by: Soumya <soumya.sambu@windriver.com> ---- - cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm -index ebc34a1..65ac8ff 100644 ---- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm -+++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm -@@ -148,7 +148,7 @@ sub _verify_SSL_default { - my ($self) = @_; - # Check if insecure default certificate verification behaviour has been - # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 -- return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; -+ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; - } - - sub _set_proxies { --- -2.40.0 diff --git a/poky/meta/recipes-devtools/perl/files/perl-configpm-switch.patch b/poky/meta/recipes-devtools/perl/files/perl-configpm-switch.patch index 7ca7c7d12f..0be1d5a93c 100644 --- a/poky/meta/recipes-devtools/perl/files/perl-configpm-switch.patch +++ b/poky/meta/recipes-devtools/perl/files/perl-configpm-switch.patch @@ -1,4 +1,4 @@ -From e789c1a0c9de5928a3b49f5b9d81b63636f5c7bb Mon Sep 17 00:00:00 2001 +From c25d460a2f00e9af25087d40447fe1a81c89710c Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Sun, 27 May 2007 21:04:11 +0000 Subject: [PATCH] perl: 5.8.7 -> 5.8.8 (from OE) @@ -20,38 +20,38 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/configpm b/configpm -index 94a4778..99b20c9 100755 +index 07219d8..01a23fa 100755 --- a/configpm +++ b/configpm -@@ -687,7 +687,7 @@ sub FETCH { - my($self, $key) = @_; - - # check for cached value (which may be undef so we use exists not defined) -- return exists $self->{$key} ? $self->{$key} : $self->fetch_string($key); -+ return $self->fetch_string($key); - } - +@@ -718,7 +718,7 @@ $config_txt .= uncomment <<'ENDOFEND'; + # my($self, $key) = @_; + # + # # check for cached value (which may be undef so we use exists not defined) +-# return exists $self->{$key} ? $self->{$key} : $self->fetch_string($key); ++# return $self->fetch_string($key); + # } + # ENDOFEND -@@ -845,7 +845,21 @@ $config_txt .= sprintf <<'ENDOFTIE', $fast_config; - sub DESTROY { } - - sub AUTOLOAD { -- require 'Config_heavy.pl'; -+ my $cfgfile = 'Config_heavy.pl'; -+ if (defined $ENV{PERLCONFIGTARGET} and $ENV{PERLCONFIGTARGET} eq "yes") -+ { -+ $cfgfile = 'Config_heavy-target.pl'; -+ } -+ if (defined $ENV{PERL_ARCHLIB}) -+ { -+ push @INC, $ENV{PERL_ARCHLIB}; -+ require $cfgfile; -+ pop @INC; -+ } -+ else -+ { -+ require $cfgfile; -+ } - goto \&launcher unless $Config::AUTOLOAD =~ /launcher$/; - die "&Config::AUTOLOAD failed on $Config::AUTOLOAD"; - } +@@ -876,7 +876,21 @@ $config_txt .= sprintf uncomment <<'ENDOFTIE', $fast_config; + # sub DESTROY { } + # + # sub AUTOLOAD { +-# require 'Config_heavy.pl'; ++# my $cfgfile = 'Config_heavy.pl'; ++# if (defined $ENV{PERLCONFIGTARGET} and $ENV{PERLCONFIGTARGET} eq "yes") ++# { ++# $cfgfile = 'Config_heavy-target.pl'; ++# } ++# if (defined $ENV{PERL_ARCHLIB}) ++# { ++# push @INC, $ENV{PERL_ARCHLIB}; ++# require $cfgfile; ++# pop @INC; ++# } ++# else ++# { ++# require $cfgfile; ++# } + # goto \&launcher unless $Config::AUTOLOAD =~ /launcher$/; + # die "&Config::AUTOLOAD failed on $Config::AUTOLOAD"; + # } diff --git a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb b/poky/meta/recipes-devtools/perl/perl_5.38.0.bb index 87768cc7f7..2103a39dfa 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.38.0.bb @@ -17,9 +17,6 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ file://0002-Constant-Fix-up-shebang.patch \ file://determinism.patch \ file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \ - file://CVE-2023-31484.patch \ - file://CVE-2023-31486-0001.patch \ - file://CVE-2023-31486-0002.patch \ " SRC_URI:append:class-native = " \ file://perl-configpm-switch.patch \ @@ -28,7 +25,7 @@ SRC_URI:append:class-target = " \ file://encodefix.patch \ " -SRC_URI[perl.sha256sum] = "68203665d8ece02988fc77dc92fccbb297a83a4bb4b8d07558442f978da54cc1" +SRC_URI[perl.sha256sum] = "213ef58089d2f2c972ea353517dc60ec3656f050dcc027666e118b508423e517" B = "${WORKDIR}/perl-${PV}-build" @@ -158,9 +155,10 @@ do_install:append:class-target() { # This is used to substitute target configuration when running native perl via perl-configpm-switch.patch ln -s Config_heavy.pl ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config_heavy-target.pl - # This contains host-specific information used for building miniperl (a helper executable built with host compiler) - # and therefore isn't reproducible. I believe the file isn't actually needed on target. - rm ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/xconfig.h + # xconfig.h contains references to build host architecture, and yet is included from various other places. + # To make it reproducible let's make it a copy of config.h patch that is specific to the target architecture. + # It is believed that the original header is the product of building miniperl (a helper executable built with host compiler). + cp ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/config.h ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/xconfig.h } do_install:append:class-nativesdk() { @@ -205,6 +203,7 @@ perl_package_preprocess () { ${PKGD}${bindir}/pod2usage.perl \ ${PKGD}${bindir}/podchecker.perl \ ${PKGD}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/config.h \ + ${PKGD}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/xconfig.h \ ${PKGD}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/perl.h \ ${PKGD}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/pp.h \ ${PKGD}${libdir}/perl5/${PV}/Config.pm \ |