diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2020-12-01 20:48:33 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2020-12-03 21:04:38 +0300 |
| commit | 94a70a0f73533c9af5a5a15942539e8eda1a6a5e (patch) | |
| tree | 5498997319636e4a46d5c790f7f6b29c21bffcea /poky/meta/recipes-devtools/python | |
| parent | 1985ab5bd94a390b8e0c60091fb4ec5aaaf69a03 (diff) | |
| download | openbmc-94a70a0f73533c9af5a5a15942539e8eda1a6a5e.tar.xz | |
subtree updates - pull latest dunfell
meta-raspberrypi: 8066fac91d..9879932097:
Alex Gonzalez (1):
linux-raspberrypi: Only deploy cmdline.txt for the main kernel
Andrei Gherzan (5):
Revert "Generalize the naming of the bootfiles deploy directory"
Revert "u-boot: Move fw_env.config to u-boot append"
Revert "u-boot-rpi: Locate local patches with FILESEXTRAPATHS."
Revert "u-boot: Fix booting raspberrypi CM3 module"
sdcard_image-rpi.bbclass: Fix when RPI_SDIMG_EXTRA_DEPENDS not defined
Andrzej Bednarski (1):
docs: Correct minor spelling issues
Christopher Clark (4):
linux-raspberrypi: bump to 5.4.50 since upstream was force-pushed
rpi-base: add SERIAL_CONSOLES_CHECK to default to SERIAL_CONSOLES
sdcard_image-rpi.bbclass: enable extensible inclusion into boot
docs/extra-build-config.md: document vars to add to boot partition
Drew Moseley (1):
u-boot-rpi: Locate local patches with FILESEXTRAPATHS.
Eino Juhani Oltedal (1):
linux-raspberrypi: bump to Linux version 5.4.72
Fabio Berton (2):
u-boot: Move fw_env.config to u-boot append
u-boot: Move fw_env.config to u-boot append
Jakub Luzny (2):
rpi-config: Add CAN_OSCILLATOR variable to set mcp2515 crystal frequency
docs/extra-build-config.md: Document CAN_OSCILLATOR variable
Jeff Ithier (2):
Generalize the naming of the bootfiles deploy directory
Generalize the naming of the bootfiles deploy directory
Jon Magnuson (1):
packagegroup-rpi-test: resolve `wireless-regdb` conflict
Khem Raj (16):
linux-raspberrypi_5.4.bb: Move to 5.4.45
linux-raspberrypi_5.4.bb: Upgrade to 5.4.47
userland: Update to 2020-06-24 top commit
linux-raspberrypi: Update to 5.4.59
raspberrypi-firmware: Upgrade to 20200819
xserver-xorg: Depend on userland when vc4graphics is disabled
libsdl2: Add userland dependency when not using vc4graphics
linux-raspberrypi_5.4.bb: Build ashmem and binder drivers
README: Mention Yoe distro in supported distro list
linux-firmware-rpidistro: Update to 20190114-1+rpt8
linux-raspberrypi_5.4.bb: Update to 5.4.69
raspberrypi-firmware: Update to 20201002 snapshot
raspberrypi-tools: Update to latest snapshot as of 20200803
oeqa: Add 5.4 specific error messages to ignore list
rpi-default-settings: Replace default parselogs with parselogs_rpi
linux-raspberrypi: Fix build regression from last update
Leon Anavi (8):
rpi-base.inc: Add infrared dtbo
lirc_%.bbappend: Fix for gpio-ir
lirc_%.bbappend: Remove
rpi-u-boot-scr: Create uboot.env via boot.cmd.in
libubootenv_%.bbappend: Add fw_env.config
rpi-config: Add ENABLE_IR variable for infrared
rpi-base.inc: Include modules if IR is enabled
docs/extra-build-config.md: Infrared
Luis Alfredo da Silva (1):
Revert "mesa: querying dma_buf modifiers for specific formats"
M. ter Woord (1):
Update layer-contents.md to include pi4
Madhavan Krishnan (1):
libcamera: Define packageconfig to enable rpi pipeline
Marek Belisko (2):
u-boot: Fix booting raspberrypi CM3 module
u-boot: Fix booting raspberrypi CM3 module
Martin Jansa (10):
linux-raspberrypi-5.4: bump SRCREV to latest to fix perf build
layer.conf: Remove older releases from LAYERSERIES_COMPAT
linux-raspberrypi-5.4: backport a fix for perf build with -fno-common from gcc-10
rpi-gpio: add -fcommon temporarily
linux-raspberrypi-5.4: revert 1 commit from upstream to fix lttng-modules build
raspberrypi-{firmware,tools}: set downloadfilename
Revert "linux-raspberrypi-5.4: revert 1 commit from upstream to fix lttng-modules build"
linux-raspberrypi-5.4: bump SRCREV to fix raspberrypi3-64 builds
python3-rtimu: don't use trailing slash in S
Revert "libcamera: Define packageconfig to enable rpi pipeline"
Murat Kilivan (1):
linux-raspberrypi_5.4.bb: Add kernel-cache source
Pierre-Jean Texier (9):
raspberrypi-firmware: update to current HEAD
linux-raspberrypi: bump to Linux version 4.19.126
linux-raspberrypi: bump to Linux version 5.4.51
raspberrypi-firmware: update to current HEAD
rpi-default-versions: Switch defaults to 5.4
raspberrypi-firmware: update to current HEAD
linux-raspberrypi: bump to revision 4b945d5
raspberrypi-firmware: update to current HEAD
linux-raspberrypi: bump to Linux version 5.4.64
colin (3):
conf/machine/include/rpi-base.inc: Added can1 interface to bsp
rpi-config_git: Added ENABLE_DUAL_CAN build configuration
docs: Added documentation for Pican2 Duo support
poky: ed3bdd7fbc..424296bf9b:
Adrian Bunk (10):
git: Upgrade 2.24.1 -> 2.24.3
wireless-regdb: Upgrade 2019.06.03 -> 2020.04.29
libubootenv: Remove the DEPENDS on mtd-utils
iproute2: Remove -fcommon
libxcrypt2: Remove -fcommon
mesa: Remove -fcommon
at-spi2-atk: Remove -fcommon
menu-cache: Replace -fcommon with fix
matchbox-wm: Replace -fcommon with fix
librsvg: Upgrade 2.40.20 -> 2.40.21
Adrian Freihofer (1):
oe-publish-sdk: fix layers init via ssh
Alex Kiernan (1):
recipetool: Fix list concatenation when using edit
Alexander Kanavin (23):
testresults.json: add duration of the tests as well
lz4: disable static library
linux-firmware: upgrade 20200421 -> 20200519
build-sysroots: add sysroot paths with native binaries to PATH
patchelf: switch to git
powertop: switch to Arjan's git
apr-util: make gdbm optional
linux-firmware: upgrade 20200519 -> 20200619
gobject-introspection: add a patch to fix a build race
icu: make filtered data generation optional, serial and off by default
babeltrace: correct the git SRC_URI
gnutls: upgrade 3.6.13 -> 3.6.14
libexif: update to 0.6.22
testimage: add an overall timeout setting
oeqa: write @OETestTag content into json test reports for each case
linux-firmware: upgrade 20200619 -> 20200721
linux-firmware: update 20200721 -> 20200817
selftest/virgl: drop the custom 30 sec timeout
nasm: update 2.14.02 -> 2.15.03 for CVE fixes
linux-firmware: upgrade 20200817 -> 20201022
clutter-gst-3.0: do not call out to host gstreamer plugin scanner
ptest-runner: fix upstream version check
glib-2.0: correct build with latest meson
Andreas M?ller (1):
meson.bbclass: avoid unexpected operating-system names
Andrei Gherzan (2):
initscripts: Fix various shellcheck warnings in populate-volatile.sh
initscripts: Fix populate-volatile.sh bug when file/dir exists
Andrej Valek (1):
oeqa/runtime/cases/ptest: Make output content path absolute
Andrey Zhizhikin (3):
kernel/yocto: fix search for defconfig from src_uri
insane: check for missing update-alternatives inherit
insane: add GitLab /archive/ tests
Anibal Limon (2):
recipes-kernel: linux-firmware add qcom-venus-{5.2,5.4} packages
ptest-runner: Bump to 2.4.0
Anuj Mittal (1):
linux-yocto: bump genericx86 kernel version to v5.4.40
Aníbal Limón (3):
recipes-kernel/linux-firmware: Add wlanmdsp.mbn to qcom-modem package
recipes-kernel/linux-firmware: Add adreno-a630 firmware package
linux-firmware: Update to 20200122 -> 20200421
Armin Kuster (6):
curl: Security fixes for CVE-2020-{8169/8177}
wpa-supplicant: Security fix CVE-2020-12695
sqlite3: Security fix for CVE-2020-15358
glibc: Secruity fix for CVE-2020-6096
bind: update to 9.11.22 ESV
timezone: update to 2020b
Bjarne Michelsen (1):
devtool: default to empty string, if LIC_FILES_CHKSUM is not available
Bruce Ashfield (43):
linux-yocto/5.4: update to v5.4.38
linux-yocto/5.4: update to v5.4.40
kernel/reproducibility: kernel modules need SOURCE_DATE_EPOCH export
linux-yocto/5.4: update to v5.4.42
linux-yocto-rt/5.4: update to rt24
linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels
linux-yocto: gather reproducibility configs into a fragment
linux-yocto/5.4: update to v5.4.43
linux-yocto/5.4: update to v5.4.45
linux-yocto-rt/5.4: update to rt25
linux-yocto/5.4: update to v5.4.46
linux-yocto/5.4: update to v5.4.47
linux-yocto/5.4: update to v5.4.49 and -rt28
yocto-bsps: bump reference boards to v5.4.49
kernel/yocto: ensure that defconfigs are processed first
linux-yocto/5.4: update to v5.4.50
kernel-yocto: account for extracted defconfig in elements check
linux-yocto/5.4: update to v5.4.51
linux-yocto-rt/5.4: fix mmdrop stress test issues
linux-yocto/5.4: update to v5.4.53
linux-yocto/5.4: fix perf build with binutils 2.35
linux-yocto/5.4: update to v5.4.54
linux-yocto-rt/5.4: update to rt32
linux-yocto/5.4: update to v5.4.56
linux-yocto/5.4: update to v5.4.57
linux-yocto/5.4: update to v5.4.58
linux-yocto/5.4: perf cs-etm: Move definition of 'traceid_list' global variable from header file
linux-yocto/5.4: update to v5.4.59
linux-yocto/5.4: update to v5.4.60
linux-yocto/5.4: update to v5.4.61
kernel-yocto: checksum all modifications to available kernel fragments directories
yocto-bsps: update reference BSPs to 5.4.54
yocto-bsp: update to v5.4.56
yocto-bsp: update to v5.4.58
kernel-yocto: add KBUILD_DEFCONFIG search location to failure message
linux-yocto/config: netfilter: Enable nat for ipv4 and ipv6
linux-yocto/5.4: update to v5.4.64
linux-yocto/5.4: update to v5.4.65
lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+
linux-yocto/5.4: fix kprobes build warning
linux-yocto/5.4: update to v5.4.67
linux-yocto/5.4: update to v5.4.68
linux-yocto/5.4: update to v5.4.69
Changqing Li (10):
mime.bbclass: fix post install scriptlet error
modutils-initscripts: update postinst
initscripts: update postinst
gtk-icon-cache.bbclass: add runtime dependency
logrotate.py: fix testimage occasionally failure
gtk-immodules-cache.bbclass: fix post install scriptlet error
libffi: fix multilib header conflict
gpgme: fix multilib header conflict
toolchain-shar-extract.sh: don't print useless info
timezone: upgrade to 2020d
Charlie Davies (3):
u-boot: fix condition to allow use of *.cfg
bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url
bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url
Chee Yang Lee (7):
qemu : fix CVE-2020-16092
bash : inlcude patch 17 & 18
xserver-xorg: fix CVE-2020-14346/14361/14362
libx11: fix CVE-2020-14363
perl: fix ptest test count
bluez5: update to 5.55 to fix CVE-2020-27153
ruby: fix CVE-2020-25613
Chen Qi (8):
db: do not install db_verify if 'verify' is not enabled
vim: restore the 'chmod -x' workaround in do_install
systemd-serialgetty: do not use BindsTo
oescripts.py: fix typo
oescripts: ignore whitespaces when comparing lines
rpm: fix nativesdk's default var location
grub: set CVE_PRODUCT to grub2
fribidi: extend CVE_PRODUCT to include fribidi
Chris Laplante (8):
bitbake: ui/teamcity: don't use removed logging classes
cve-update-db-native: add progress handler
cve-check/cve-update-db-native: use lockfile to fix usage under multiconfig
cve-update-db-native: use context manager for cve_f
cve-check: avoid FileNotFoundError if no do_cve_check task has run
cve-update-db-native: be less magical about checking whether the cve-check class is enabled
cve-update-db-native: move -journal checking into do_fetch
cve-update-db-native: remove unused variable
Christian Eggers (3):
libnl: Extend for native/nativesdk
avahi: Fix typo in recipe
packagegroup: rrecommend perf also for musl on ARM
Christophe GUIBOUT (1):
initramfs-framework: support kernel cmdline with double quotes
Daniel Ammann (1):
image.bbclass: improve wording when image size exceeds the specified limit
Daniel Gomez (1):
allarch: Add missing allarch ttf-bitstream-vera
Daniel McGregor (1):
buildhistory-collect-srcrevs: sort directories
David Khouya (2):
bitbake: lib/ui/taskexp: Validate gi import
bitbake: lib/ui/taskexp: Fix missing Gtk import
De Huo (1):
bash: fix CVE-2019-18276
Denys Zagorui (1):
binutils: reproducibility: reuse debug-prefix-map for stabs
Diego Santa Cruz (1):
freetype: fix CVE-2020-15999, backport from 2.10.4
Douglas (2):
nativesdk: clear MACHINE_FEATURES
nativesdk: Set the CXXFLAGS to the BUILDSDK_CXXFLAGS
Geoff Parker (1):
systemd-serialgetty: Replace sed quoting using ' with " to allow var expansion
Gratian Crisan (1):
kernel-module-split.bbclass: identify kernel modconf files as configuration files
Gregor Zatko (1):
sanity.bbclass: Detect and fail if 'inherit' is used in conf file
Guillaume Champagne (1):
weston: add missing packageconfigs
Hannu Lounento (1):
openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf
Hongxu Jia (1):
iso-codes: switch upstream branch master -> main
Jacob Kroon (4):
bitbake: doc: Clarify how task dependencies relate to RDEPENDS
bitbake: doc: More explanation to tasks that recursively depend on themselves
squashfs-tools: Backport fix for compiling with gcc 10
insane: Check for feature check variables not being used
Jan-Simon Moeller (1):
file: add bzip2-replacement-native to DEPENDS to fix sstate issue
Jean-Francois Dagenais (1):
bitbake: siggen: clean_basepath: remove recipe full path when virtual:xyz present
Jens Rehsack (3):
u-boot: avoid blind merging all *.cfg
subversion: extend for nativesdk
serf: extend for nativesdk
Joe Slater (4):
terminal.py: do not stop searching for auto
qemu: force build type to production
vim: _FORTIFY_SOURCE=2 be gone
acpica: Upgrade 20200214 -> 20200430 for gcc-10 fixes
Jose Quaresma (13):
gstreamer1.0: Fix reproducibility issue around libcap
gstreamer1.0: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3
gst-validate: Update 1.16.2 -> Update 1.16.3
gstreamer1.0: warn the user when something is wrong with GstBufferPool
Joshua Watt (24):
checklayer: Skip layers without a collection
pycryptodome: Import from meta-python
pyelftools: Import from meta-python
python3-pycryptodome(x): Upgrade 3.9.4 -> 3.9.7
python3-pyelftools: Upgrade 0.25 -> 0.26
layer.conf: Bump OE-Core layer version
classes/archiver: Create patched archive before configuring
bitbake: hashserv: Chunkify large messages
bitbake: siggen: Fix error when hash equivalence has an exception
classes/archiver: run do_unpack_and_patch after do_preconfigure
classes/archive: do_configure should not depend on do_ar_patched
classes/cmake: Fix host detection
classes/package: Use HOST_OS for runtime dependencies
oeqa: runtime_tests: Extra GPG debugging
oeqa: sdk: Capture stderr output
wic: Add --offset argument for partitions
wic: Fix --extra-space argument handling
wic: Fix error message when reporting invalid offset
wic: Add 512 Byte alignment to --offset
classes/sanity: Bump minimum python version to 3.5
jquery: Upgrade 3.4.1 -> 3.5.0 to fix CVE-2020-11022 and CVE-2020-11023
classes/reproducible: Move to library code
lib/oe/reproducible: Fix error when no git HEAD
lib/oe/reproducible.py: Fix git HEAD check
Kai Kang (5):
gcr: depends on gnupg-native
bitbake: bitbake-user-manual-metadata.xml: fix a minor error
mdadm: remove service template from SYSTEMD_SERVICE
wpa-supplicant: remove service templates from SYSTEMD_SERVICE
encodings: clear postinst script
Kevin Hao (3):
wic/filemap: Drop the unused block_is_unmapped()
wic/filemap: Drop the unused get_unmapped_ranges()
wic/filemap: Fall back to standard copy when no way to get the block map
Khem Raj (25):
cve-check: Run it after do_fetch
make-mod-scripts: Fix a rare build race condition
glibc: Update to latest on 2.31 branch
wayland: fix condition for strndup detection
syslinux: Fix build with gcc10
valgrind: Do not use outline-atomics on aarch64
valgrind: Backport upstream patch to fix __getauxval needs
go: Disbale CGO for riscv64
go-dep: Fix build on riscv64
qemumips: Use 34Kf CPU emulation
glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
gcc-9.3.inc: Mark CVE-2019-15847 as fixed
go: update 1.14.4 -> 1.14.6
go: Upgrade to 1.14.7
json-c: Fix CVE-2020-12762
util-linux: Allow update alternatives for additional apps
json-glib: Backport a build fix with clang
uninative: Upgrade to 2.9
rpcbind: Use update-alternatives for rpcinfo
populate_sdk_ext: Do not assume local.conf will always exist
site: Make sys_siglist default to no
packagegroups: remove strace and lttng-tools for rv32/musl
packagegroup-core-tools-debug: Disable for rv32/glibc as well
qemuboot.bbclass: Fix a typo
ptest-runner: Backport patch to fix inappropriate ioctl error
Konrad Weihmann (14):
qemurunner: fix ip fallback detection
sysfsutils: rem leftover settings for libsysfs-dev
cogl: point to correct HOMEPAGE
runqemu: add QB_ROOTFS_EXTRA_OPT parameter
testimage: enable ovmf support
systemd: remove kernel-install from base pkg
bitbake: pyshyacc: allow double COMMA statements
ptest: append to FILES
cve-update: handle baseMetricV2 as optional
testexport: rename create_tarball method
bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC
oeqa/core/context: expose results as variable
oeqa/core/context: initialize _run_end_time
testimage: print results for interrupted runs
Kurt Kiefer (1):
linux-firmware: add ibt-20 package
Lee Chee Yang (31):
qemu: fix CVE-2020-11869
bind: fix CVE-2020-8616/7
libexif: fix CVE-2020-13114
qemu: fix CVE-2020-13361
dbus: fix CVE-2020-12049
perl: fix CVE-2020-10543 & CVE-2020-10878
oeqa/core/loader: refine regex to find module
qemu: fix CVE-2020-10702/10761/13362/13659/13800
python3: fix CVE-2020-14422
bison: fix Argument list too long error
systemd : fix CVE-2020-13776
buildhistory: use pid for temporary txt file name
checklayer: check layer in BBLAYERS before test
ghostscript: fix CVE-2020-15900
qemu: fix CVE-2020-15863
libjpeg-turbo: fix CVE-2020-13790
webkitgtk: fix CVE-2020-13753
ghostscript: update to 9.52
perl: fix CVE-2020-12723
xserver-xorg: fix CVE-2020-14347
qemu: fix CVE-2020-14364 CVE-2020-14415
libx11 : fix CVE-2020-14344
libproxy: fix CVE-2020-25219
python3: fix CVE-2020-26116
grub2: fix CVE-2020-10713
ffmpeg: fix CVE-2020-12284
libproxy: fix CVE-2020-26154
bison: update to 3.5.4 for CVE-2020-14150
python3: whitelist CVE-2020-15523
python3: fix CVE-2020-27619
qemu: fix CVE-2020-24352
Lili Li (1):
kernel.bbclass: Fix Module.symvers support
Marco Felsch (1):
util-linux: alternatify rtcwake
Marek Vasut (5):
libubootenv: Depend on zlib
lttng-modules: update to 2.11.6
lttng-tools: update to 2.11.5
lttng-ust: update to 2.11.1
stress-ng: Upgrade 0.11.01 -> 0.11.17
Mark Hatle (3):
sstate.bbclass: When siginfo or sig files are missing, stop fetcher errors
package_tar.bbclass: Sync to the other package_* classes
package.bbclass: Sort shlib2 output for hash equivalency
Mark Jonas (5):
Add license text for PSF-2.0
Map license names PSF and PSFv2 to PSF-2.0
libsdl2: Fix directfb syntax error
libsdl2: Fix directfb SDL_RenderFillRect
libbsd: Remove BSD-4-Clause from main package
Martin Jansa (13):
net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu
perf: backport a fix for confusing non-fatal error
devtool: expand SRC_URI when guessing recipe update mode
arch-armv7a.inc: fix typo
arch-mips.inc: remove duplicated mips64el-o32 from PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
tune-mips64r6.inc: fix typo in mipsisa64r6-nf
tune-ep9312.inc: add t suffix for thumb to PACKAGE_EXTRA_ARCHS_tune-ep9312
tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
siteinfo: Recognize 32bit PPC LE
siteinfo: Recognize bigendian sh3be and sh4be
lib/oe/patch: prevent applying patches without any subject
lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook
Revert "lib/oe/patch: fix handling of patches with no header"
Matt Madison (2):
cogl-1.0: correct X11 dependencies
image.bbclass: fix REPRODUCIBLE_TIMESTAMP_ROOTFS reference
Matthew (1):
ltp: make copyFrom scp command non-fatal
Max Krummenacher (2):
linux-firmware: package marvel sdio 8997 firmware
linux-firmware: package nvidia firmware
Maxime Roussin-Bélanger (1):
meta: fix some unresponsive homepages and bugtracker links
Michael Gloff (2):
sysvinit: Remove ${B} assignment
sysvinit rc: Use PSPLASH_FIFO_DIR for progress fifo
Michael Tretter (1):
devtool: deploy-target: Fix size calculation for hard links
Mikko Rapeli (2):
alsa-topology-conf: use ${datadir} in do_install()
alsa-ucm-conf: use ${datadir} in do_install()
Ming Liu (6):
u-boot: introduce UBOOT_INITIAL_ENV
u-boot: support merging .cfg files for UBOOT_CONFIG
conf/machine: set UBOOT_MACHINE for qemumips and qemumips64
multilib.conf: add u-boot to NON_MULTILIB_RECIPES
libubootenv: uprev to v0.3
libubootenv: inherit uboot-config
Mingli Yu (5):
bison: fix the parallel build
python3-setuptools: add the missing rdepends
python3-libarchive-c: add the missing rdepends
update_udev_hwdb: clean hwdb.bin
python3: add ldconfig rdepends for python3-ctypes
Naoki Hayama (1):
uninative: Fix typo in error message
Nathan Rossi (1):
diffstat: add nativesdk to BBCLASSEXTEND
Neil Armstrong (1):
linux-firmware: add Amlogic VDEC firmware package
Nicolas Dechesne (2):
checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2()
linux-libc-headers: kernel headers are installed in STAGING_KERNEL_BUILDDIR
Norman Stetter (1):
sstate.bbclass: Check file ownership before doing 'touch -a'
Oleksandr Kravchuk (1):
ell: update to 0.33
Otavio Salvador (7):
systemd: Sync systemd-serialgetty@.service with upstream
mtd-utils: Fix return value of ubiformat
go-mod.bbclass: Add class for `go mod` support
glide: Avoid use of 'go mod' support
go-dep: Avoid use of 'go mod' support
go.bbclass: Add `-trimpath` to default build flags
openssh: Allow enable/disable of rng-tools recommendation on sshd
Ovidiu Panait (1):
libxml2: Fix CVE-2020-24977
Paul Barker (5):
archiver.bbclass: Make do_deploy_archives a recursive dependency
avahi: Don't advertise example services by default
archiver: Fix test case for srpm archiver mode
oe-selftest: Allow overriding the build directory used for tests
oe-selftest: Recursively patch test case paths
Peter A. Bigot (1):
bluez5: fix builds that require ell support
Peter Kjellerstedt (2):
cairo: Do not try to remove nonexistent directories
relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist
Pierre-Jean Texier (2):
ell: upgrade 0.31 -> 0.32
libubootenv: upgrade 0.3 -> 0.3.1
Quentin Schulz (1):
base/insane: Check pkgs lics are subset of recipe lics only once
Rahul Chauhan (1):
busybox: Security Fix For CVE-2018-1000500
Rahul Kumar (1):
systemd-serialgetty: Fix sed expression quoting
Ralph Siemsen (1):
cve-check: include epoch in product version output
Randy MacLeod (1):
curl: Change SRC_URI from http to https
Rasmus Villemoes (3):
coreutils: don't split stdbuf to own package with single-binary
kernel.bbclass: run do_symlink_kernsrc before do_patch
cml1: Move find_cfgs() helper to cml1.bbclass
Ricardo Salveti (1):
dosfstools: add mkfs.vfat to ALTERNATIVE
Richard Leitner (7):
libtirpc: remove extra "-fcommon" from CFLAGS
gdbm: add patch to fix link failure against gcc 10
dtc: update to 1.6.0
libcomps: update to 0.1.15
binutils: add patch to fix issues with gcc 10
cpio: add patch to fix issues with gcc 10
xcb-proto: backport fix for python gcd function
Richard Purdie (72):
resulttool/report: Remove leftover debugging
resulttool/log: Add ability to dump ltp logs as well as ptest
poky.conf: Bump version for 3.1.1 dunfell release
build-appliance-image: Update to dunfell head revision
build-appliance: Update branch to point at dunfell
build-appliance-image: Update to dunfell head revision
ltp: Exclude the memcg_stress tests due to timeout problems
maintainers: Update Ross' email address
logrotate: Drop obsolete setting/comment
oeqa/targetcontrol: Rework exception handling to avoid warnings
patchelf: Add patch to address corrupt shared library issue
bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror
ltp: Add missing dependencies on coreutils, bc, e2fsprogs and gdb
perl: Fix host specific modules problems
bitbake: runqueue: Avoid unpickle errors in rare cases
bitbake: msg: Avoid issues where paths have relative components
pseudo: Fix attr errors due to incorrect library resolution issues
oeqa/selftest/runcmd: Add better debug for thread count mismatch failures
oeqa/utils/command: Improve stdin handling in runCmd
scripts/install-buildtools: Update to 3.2 M1 buildtools
scripts/install-buildtools: Handle new format checksum files
oeqa/selftest: Clean up separate builddir in success case when non-threaded
populate_sdk_ext: Fix to use python3, not python
oeqa/selftest: recipetool/devtool: Avoid load_plugin test race
oeqa/targetcontrol: Attempt to fix log closure warning message
rootfs-postcommands: Improve/fix rootfs_check_host_user_contaminated
bitbake: server/process: Increase timeout for commands
bitbake: fetch2: Change git fetcher not to destroy old references
bitbake: server/process: Fix a rare lockfile race
bitbake: server/process: Ensure UI-less servers don't sit in infinite loops
bitbake: server/process: Fix note reference -> info
oeqa/selftest/sstatetests: Avoid polluting DL_DIR
qemurunner: Ensure pid location is deterministic
qemurunner: Add extra debug info when qemu fails to start
oeqa/utils/qemurunner: Fix missing pid file tracebacks
bitbake: cooker: Handle multiconfig name mappings correctly
bitbake: server/process: Fix UI first connection tracking
bitbake: server/process: Account for xmlrpc connections
oeqa/qemurunner: Add priority/nice information for running processes
uninative: Handle PREMIRRORS generically
selftest/tinfoil: Increase wait event timeout
runqemu: Show an error for conflicting graphics options
selftest/prservice: Improve test failure message
bitbake: fetch2: Drop cups.org from wget status checks
runqemu: Add a hook to allow it to renice
selftest/signing: Ensure build path relocation is safe
oeqa/concurrencytest: Improve builddir path manipulations
bitbake: tests/fetch: Move away from problematic freedesktop.org urls
build-appliance-image: Update to dunfell head revision
scripts/oe-build-perf-report: Use python3 from the environment
build-appliance-image: Update to dunfell head revision
python3-markupsafe: Import from meta-oe/meta-python
python3-jinja2: Import from meta-oe/meta-python
buildtools-tarball: Add python3-jinja2
dropbear/openssh: Lower priority of key generation
buildtools: Handle generic environment setup injection
buildtools-tarball: Fix conflicts with oe-selftest and other tooling
oeqa/qemurunner: Increase serial timeout
oeqa/selftest/incompatible_lib: Fix append usage
oeqa/selftest/containerimage: Update to match assumptions in configuration
ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys
glibc: do_stash_locale must not delete files from ${D}
libtools-cross/shadow-sysroot: Use nopackages inherit
scripts/oe-build-perf-report: Allow operation with no buildstats
oe-build-perf-report: Ensure correct data is shown for multiple branch options
bitbake: tests/fetch: Update upstream master->main branchname transition
oeqa: Add sync call to command execution
sstatesig: Log timestamps for hashequiv in reprodubile builds for do_package
ptest-runner: Fix license as it contains 'or later' clause
libdnf: Fix license as it contains 'or later' clause
alsa-utils: Fix license to GPLv2 only
build-appliance-image: Update to dunfell head revision
Robert P. J. Day (7):
ref-manual: fix excessive command indentation
ref-manual: IMAGE_TYPES, add tar.zst, delete elf
ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS"
ref-manual: Remove long-dead PACKAGE_GROUP variable
ref-manual: delete long-unused comments in variable glossary
bitbake: docs: delete reference to obsolete recipe-depends.dot
bitbake: user manual: properly tag content as <replaceable>
Robert Yang (2):
archiver.bbclass: Fix duplicated SRC_URIs for do_ar_original
openssl: openssl-bin requires openssl-conf to run
Ross Burton (20):
install-buildtools: fail if an error occurs
install-buildtools: remove hardcoded x86-64 architecture
common-licenses: add BSD-2-Clause-Patent
gstreamer1.0-plugins-bad: add support for vdpau
common-licenses: fix filename of BSD-2-Clause-Patent
insane: consolidate skipping of temporary do_package files
startup-notification: add time_t type mismatch patch from upstream
package.bbclass: explode the RPROVIDES so we don't think the versions are provides
insane: improve gnu-hash-style warning
gdk-pixbuf: add tests PACKAGECONFIG
insane: only load real files as ELF
autoconf: consolidate DEPENDS
curl: add vendors to CVE_PRODUCT to exclude false positives
cmake: whitelist CVE-2016-10642
alsa-plugins: improve .la removal
sato-screenshot: improve .la removal
meta: add/fix invalid Upstream-Status tags
gcc: mitigate the Straight-line Speculation attack
glib-2.0: fix parsing of slim encoded tzdata
syslinux: add link to upstream discussion in patch
Sakib Sajal (1):
busybox: make hwclock compatible with glibc 2.31
Steve Sakoman (31):
poky: Add Ubuntu 20.04 as a supported distro
Documenation: Prepared for the 3.1.1 release
oeqa/concurrencytest: don't delete build directory for failed tests
Documentation: Add 3.1.1 version updates missing from previous commit
u-boot-tools: backport patch from upstream to fix gcc 10 builds
buildtools-tarball: export OPENSSL_CONF in environment setup
u-boot: move redundant-yyloc-global patch to u-boot-common.inc
poky.conf: Bump version for 3.1.2 release
Documenation: Prepared for the 3.1.2 release
poky: Add fedora32 as a supported distro
glib-networking: upgrade 2.62.3 to 2.62.4
Revert "gtk-icon-cache.bbclass: add runtime dependency"
glib-2.0: update 2.62.4 to 2.62.5
glib-2.0: update 2.62.5 to 2.62.6
sanity.conf: update BB_MIN_VERSION to 1.46.0
Documenation: Prepared for the 3.1.3 release
poky.conf: Bump version for 3.1.3 release
Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"
xinput-calibrator: change SRC_URI to branch with libinput support
Revert "lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+"
qemu: fix CVE-2019-20175
sqlite3: fix CVE-2020-13434
sqlite3: fix CVE-2020-13435
sqlite3: fix CVE-2020-13630
sqlite3: fix CVE-2020-13631
sqlite3: fix CVE-2020-13632
netbase: update SRC_URI to reflect new file name
netbase: bump PE to purge bogus hash equivalence from autobuilder
Documenation: Prepared for the 3.1.4 release
openssh: whitelist CVE-2014-9278
poky.conf: Bump version for 3.1.4 release
Sumit Garg (1):
insane: fix gnu-hash-style check
TeohJayShen (2):
oeqa/manual/bsp-hw.json : remove shutdown_system test
oeqa/manual/bsp-hw.json : remove X_server_can_start_up_with_runlevel_5_boot test
Tim Orling (4):
bitbake: toaster-requirements.txt: require Django 2.2
lib/oe/recipeutils.py: add AUTHOR; BBCLASSEXTEND
scripts/lib/recipetool/create.py: fix regex strings
oeqa/selftest/cases/devtool.py: avoid .pyc race
Timon Ulrich (1):
kernel.bbclass: add lz4 dependency and fix the call to lz4
Trevor Gamblin (1):
qemuarm: check serial consoles vs /proc/consoles
Tuomas Salokanto (1):
recipetool: create: fix SRCBRANCH not being passed to params
Tyler Hicks (1):
kernel-devicetree: Fix intermittent build failures caused by DTB builds
Vacek, Patrick (1):
oeqa/core/loader: fix regex to include numbers
Vasyl Vavrychuk (1):
runqemu: Check gtk or sdl option is passed together with gl or gl-es options.
Victor Kamensky (1):
qemu: change TLBs number to 64 in 34Kf mips cpu model
Vijai Kumar K (2):
image_types_wic: Add ASSUME_PROVIDED to WICVARS
wic: misc: Add /bin to the list of searchpaths
Viktor Rosendahl (1):
boost: backport fix to make async_pipes work with asio
Wang Mingyu (2):
libdrm: upgrade 2.4.100 -> 2.4.101
xserver-xorg: upgrade 1.20.7 -> 1.20.8
Yann Dirson (1):
package: get_package_mapping: avoid dependency mapping if renamed package provides original name
Yann E. MORIN (2):
common-licenses: add bzip2-1.0.4
recipes-core/busybox: fixup licensing information
Yi Zhao (1):
bind: upgrade 9.11.19 -> 9.11.21
Yoann Congal (1):
bitbake-bblayers/create: Make the example recipe print its message
Yongxin Liu (5):
linux-firmware: add ice for Intel E800 series driver
linux-firmware: fix the wrong file path for ibt-misc
linux-firmware: move ibt-misc to the end of ibt packages
grub: fix several CVEs in grub 2.04
grub: clean up CVE patches
Zhixiong Chi (1):
gnutls: CVE-2020-24659
akash hadke (1):
systemd: udev SECLABEL{selinux} crash fix
akuster (4):
bind: update to 9.11.19
bitbake: test/fetch: change to better svn source
glibc: whitelist CVE-2010-10029
cve-check.bbclass: always save cve report
haiqing (1):
libpam: Remove option 'obscure' from common-password
hongxu (2):
core-image-minimal-initramfs: keep restriction with initramfs-module-install
sysstat: fix installed-vs-shipped QA Issue in systemd
wenlin.kang@windriver.com (1):
populate_sdk_base.bbclass: fix warning: name not matched
zhengruoqin (4):
make-mod-scripts: Fix dependence error.
libtirpc: upgrade 1.2.5 -> 1.2.6
gnutls: Fix krb5 code license to GPLv2.1+ to match the LICENSE file.
ruby: upgrade 2.7.0 -> 2.7.1
meta-openembedded: e413c1ef62..f2d02cb71e:
Adrian Bunk (4):
unicode-ucd: Stop broken license downloading
postfix: Upgrade 3.4.10 -> 3.4.12
python3-docutils: Remove, moved to OE-core
gnome-settings-daemon: Remove duplicate outdated SRC_URI hashes
Alex Kiernan (1):
zstd: Upgrade 1.4.4 -> 1.4.5
Alistair Francis (1):
python3-obd: Add missing setuptools RDEPENDS
Anatol Belski (1):
chrony: Patch CVE-2020-14367
Andreas Müller (11):
gexiv2: upgrade 0.12.0 -> 0.12.1
thunar: upgrade 1.8.14 -> 1.8.15
fluidsynth: upgrade 2.1.2 -> 2.1.3
libblockdev: upgrade 2.23 -> 2.24
openh264: upgrade 2.1.0 -> 2.1.1
tcpreplay: upgrade 4.3.2 -> 4.3.3
blueman: upgrade 2.1.1 -> 2.1.3
modemmanager: upgrade 1.12.10 -> 1.12.12
ibus: upgrade 1.5.21 -> 1.5.22
exiv2: upgrade 0.27.1 -> 0.27.3
gnome-settings-daemon: Remove wrong RDEPEND
Andrew Geissler (1):
nlohmann-json: backport gcc10 fix
Armin Kuster (9):
tremor: update SRC_URI as project moved to gitlab
ntp: update 4.2.8p15
net-snmp: Security fix CVE-2019-20892
wireshark: Update to 3.2.5
Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
jsoncpp: add PE do to revert to older PV
vlc: fix loop initial declarations are only allowed in C99 mode
babl-native: fix build issue
gnome-settings-daemon: Backport 3.36 fix for building without wayland
Bog999 (1):
python3: Add python3-cryptography to RDEPENDS for python3-redis
Changqing Li (4):
python-django: add RDEPENDS
python-m2crypto: Add RDEPENDS
libmcrypt: set CLEANBROKEN
radvd: add /etc/radvd.conf
Christian Eggers (1):
linuxptp: Fix segmentation fault on 32 bit platforms with 64 bit time_t
Christoph Steiger (1):
python-periphery: Add python-mmap to RDEPENDS
Denys Dmytriyenko (2):
python3-pycryptodome(x): moved to OE-Core, remove from meta-python
python3-pyelftools: moved to OE-Core, remove from meta-python
Diego Rondini (5):
README: fix incorrect links
gvfs: adjust fuse packageconfig to fuse3
libeigen: update SRC_URI to download from gitlab
libeigen: update SRC_URI to use gitlab git
hplip: use libexecdir
Domarys Correa (2):
python3-jinja2: Update 2.11.1 -> 2.11.2
python3-pyyaml: Update 5.3 -> 5.3.1
Gianluca Pacchiella (1):
Add missing dependencies for rsnapshot.
Hongxu Jia (2):
multipath-tools: fix compiling parallel issue
python3-pykwalify: fix missing comma
Julius Hemanth Pitti (1):
netkit-telnetd: Fix buffer overflow in netoprintf
Kai Kang (6):
xfconf: 4.14.2 -> 4.14.3
thunar: 1.8.12 -> 1.8.14
catfish: 1.4.11 -> 1.4.13
plymouth: disable systemd-integration for sysvinit
lvm2: remove service template from SYSTEMD_SERVICE
rdist: fix parallel build
Khem Raj (10):
netplan: Depend on systemd if it is in distro
uim: Add patch to fix -fno-common link error
postfix: Upgrade to 3.4.10 and compile with -fcommon
safec: Update to latest on 3.5.1 release tags
nss: Remove mcpu to avoid march conflicts
samba: Fix conflicts with nss.h from glibc
flashrom: Fix build failure with glibc 2.32
iwd: Upgrade to 1.9
ssmtp: Use update alternatives for conflicts with esmtp
ubi-utils-klibc: Remove trailing slash from S
Konrad Weihmann (10):
passwdqc: remove double modify operation
sound-theme-freedesktop: remove double depends
python3-cmd2: remove double colorama in RDEPENDS
python3-smbus2: remove duplicate RDEPENDS settings
python3-twisted: remove double var modification
proftpd: Fix typo for SRC_URI[md5sum]
netkit-rsh: properly append PACKAGECONFIG
zile: properly append PACKAGECONFIG
libtalloc: fix upstream url
openldap: packaging fixes
Lee Chee Yang (2):
glog : improve reproducibility
libgphoto2: improve reproducibility
Leon Anavi (8):
python3-gmqtt: Upgrade to 0.6.5
python3-appdirs: Upgrade to 1.4.4
python3-pandas: Upgrade 1.0.1 -> 1.0.3
python3-parallax: Upgrade 1.0.5 -> 1.0.6
python3-openpyxl: Upgrade 2.6.3 -> 3.0.3
python3-colorama: Upgrade 0.4.1 -> 0.4.3
python3-sqlalchemy: Upgrade 1.3.12 -> 1.3.17
python3-pandas: Upgrade 1.0.3 -> 1.0.5
Maciej Pijanowski (1):
qpdf: fix typo in RDEPENDS
Mark Jonas (1):
python3-pyinotify: Add missing ctypes dependency
Martin Jansa (6):
irssi: package libirc_proxy.a in PN-staticdev
meta-python: depend on core version 12 or higher
lcov: fix lcov-native build
netkit-rsh: inherit update-alternatives
ssmtp: adjust u-a
remmina: use git fetcher
Mingli Yu (5):
python3-m2crypto: add the missing rdepends
freeradius: fix the existed certificate error
freeradius: fix the occasional verification failure
smartmontools: Remove obsolete setting regarding the Standard Output
strongswan: Remove obsolete setting regarding the Standard Output
Oleksandr Kravchuk (1):
iwd: update to 1.8
Ovidiu Panait (3):
freediameter: Fix testcnx ptest failure
nss: Fix CVE-2020-12399
net-snmp: Fix CVE-2020-15861 and CVE-2020-15862
Patrick Williams (1):
net-snmp: refresh patches
Paul Eggleton (1):
protobuf-c: disable parallelism to avoid race condition
Pierre-Jean Texier (15):
librsync: upgrade 2.3.0 -> 2.3.1
ser2net: fix upstream check URL
ser2net: upgrade 4.1.5 -> 4.1.8
zchunk: upgrade 1.1.5 -> 1.1.6
uriparser: upgrade 0.9.3 -> 0.9.4
jsoncpp: upgrade 1.9.2 -> 1.9.3
jpnevulator: upgrade 2.3.4 -> 2.3.5
libnftnl: upgrade 1.1.6 -> 1.1.7
nftables: upgrade 0.9.4 -> 0.9.5
haveged: upgrade 1.9.8 -> 1.9.9
rsnapshot: upgrade 1.4.2 -> 1.4.3
fuse3: upgrade 3.9.1 -> 3.9.2
minicoredumper: update SRC_URI to use github instead
iwd: upgrade 1.6 -> 1.7
haveged: upgrade 1.9.9 -> 1.9.13
Qi.Chen@windriver.com (2):
python-django: set CVE_PRODUCT to be django
multipath-tools: disable parallel build as a workaround
Robert Joslyn (1):
postgresql: Update to 12.4
Robert Yang (2):
drbd-utils: Add CLEANBROKEN to fix rebuild errors
crda: rdepends on wireless-regdb-static
Ross Burton (1):
mpv: fetch waf in do_fetch
Ryan Rowe (1):
python3-pint: add setuptools and packaging to RDEPENDS
Trevor Gamblin (1):
python3-iso8601: add python3-numbers to RDEPENDS
Ulrich Ölmann (1):
usb-modeswitch, usb-modeswitch-data: fix usrmerge
Wang Mingyu (7):
jansson: upgrade 2.12 -> 2.13.1
openldap: upgrade 2.4.49 -> 2.4.50
python3-pycparser: upgrade 2.19 -> 2.20
cryptsetup: upgrade 2.3.1 -> 2.3.2
postgresql: 12.2 -> 12.3
openipmi: upgrade 2.0.28 -> 2.0.29
twm: upgrade 1.0.10 -> 1.0.11
Yanfei Xu (1):
turbostat: fix the build failure for new v5.7-rc6 kernel
Yi Zhao (4):
apache2: create log/run directory via pkg_postinst
samba: upgrade 4.10.15 -> 4.10.17
libldb: upgrade 1.5.7 -> 1.5.8
samba: upgrade 4.10.17 -> 4.10.18
Yue Tao (1):
lua: Security Advisory - lua - CVE-2020-15888
Zang Ruochen (12):
dnsmasq: upgrade 2.80 -> 2.81
fetchmail: upgrade 6.4.3 -> 6.4.4
libgphoto2: upgrade 2.5.24 -> 2.5.25
mosquitto: upgrade 1.6.9 -> 1.6.10
snort: upgrade 2.9.15 -> 2.9.16
wireshark: upgrade 3.2.2 -> 3.2.4
proj: upgrade 7.0.0 -> 7.0.1
libvpx: upgrade 1.8.1 -> 1.8.2
mm-common: upgrade 1.0..0 -> 1.0.1
nftables: upgrade 0.9.5 -> 0.9.6
wireshark: upgrade 3.2.5 -> 3.2.6
wireshark: upgrade 3.2.6 -> 3.2.7
Zheng Ruoqin (11):
dstat: Fix runtime error that depend python.
kea: upgrade 1.7.6 -> 1.7.7
libqmi: upgrade 1.24.8 -> 1.24.12
nano: upgrade 4.9.2 -> 4.9.3
gsoap: upgrade 2.8.100 -> 2.8.103
logwatch: upgrade 7.5.1 -> 7.5.3
libnet-dns-perl: upgrade 1.23 -> 1.24
Fix build error when enable multilib.
mraa: Disable python2, otherwise, there is a build error when enable multilib.
paho-mqtt-c: Fix build error when enable multilib.
upm:Fix build error when enable multilib.
meta-security: d83f7cb0c9..c74cc97641:
Adrian (1):
gitignore added
Alexander Kanavin (1):
apparmor: pull in coreutils/findutils only when not using systemd as init manager
Armin Kuster (15):
isafw.bbclass: typo in layer name
trousers: Several Security fixes
gitlab-ci: add support for dunfell
packagegroup-core-security-ptest: update fail2ban ptest pkg name
packagegroup-core-security: remove clamav for riscv*
libsecomp: rv32/rv64 target builds are not supported yet
packagegroup-core-security: remove libseccomp for riscv*
packagegroup-core-security: dont include suricata on riscv or ppc
apparmor: exclude mips64, not supported
apparmor: fix build issue with ptest enabled.
packagegroup-core-security: remove clamav from musl image
ibmswtpm2: fix QA warning
README: updated branch for Dunfell
apparmor: fix issue with older use of shell in make
apparmor: fix QA warning with systemd enabled
Charlie Davies (2):
clamav: add INSTALL_CLAMAV_CVD flag to do_install
clamav: update SO_VER to 9.0.4
Jeremy Puhlman (4):
clamav: resolve multilib issues
tripwire: Remove makefiles from the man directories.
cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
packagegroup-security-tpm2: Depend on preferred provider for cryptsetup
Jonatan Pålsson (1):
sssd: Make manpages buildable
Kai Kang (1):
sssd: disable build secrets
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Sajjad Ahmed (1):
layer.conf: use += instead of := to update BBFILES
Zheng Ruoqin (2):
ccs-tools:Fix build error when enable multilib.
bastille: Deleted redundant inherit to fix error when enable multilib.
niko.mauno@vaisala.com (12):
dm-verity-img.bbclass: Fix bashisms
dm-verity-img.bbclass: Reorder parse-time check
dm-verity-image-initramfs: Ensure verity hash sync
dm-verity-image-initramfs: Bind at do_image instead
linux-yocto(-dev): Add dm-verity fragment as needed
dm-verity-img.bbclass: Stage verity.env file
initramfs-framework: Add dmverity module
dm-verity-image-initramfs: Use initramfs-framework
dm-verity-initramfs-image: Cosmetic improvements
dm-verity-image-initramfs: Add base-passwd package
dm-verity-image-initramfs: Drop locales from image
beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I9d46472961318a9060013505d7cb5df46b4ea38a
Diffstat (limited to 'poky/meta/recipes-devtools/python')
15 files changed, 399 insertions, 2 deletions
diff --git a/poky/meta/recipes-devtools/python/python-pycryptodome.inc b/poky/meta/recipes-devtools/python/python-pycryptodome.inc new file mode 100644 index 0000000000..68b084eb04 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python-pycryptodome.inc @@ -0,0 +1,26 @@ +SUMMARY = "Cryptographic library for Python" +DESCRIPTION = "PyCryptodome is a self-contained Python package of low-level\ + cryptographic primitives." +HOMEPAGE = "http://www.pycryptodome.org" +LICENSE = "PD & BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=6dc0e2a13d2f25d6f123c434b761faba" + +inherit pypi + +RDEPENDS_${PN} += " \ + ${PYTHON_PN}-io \ + ${PYTHON_PN}-math \ +" + +RDEPENDS_${PN}-tests += " \ + ${PYTHON_PN}-unittest \ +" + +PACKAGES =+ "${PN}-tests" + +FILES_${PN}-tests = " \ + ${PYTHON_SITEPACKAGES_DIR}/Crypto/SelfTest/ \ + ${PYTHON_SITEPACKAGES_DIR}/Crypto/SelfTest/__pycache__/ \ +" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python-setuptools.inc b/poky/meta/recipes-devtools/python/python-setuptools.inc index 58267966ba..29be852f66 100644 --- a/poky/meta/recipes-devtools/python/python-setuptools.inc +++ b/poky/meta/recipes-devtools/python/python-setuptools.inc @@ -16,6 +16,7 @@ SRC_URI[sha256sum] = "89c6e6011ec2f6d57d43a3f9296c4ef022c2cbf49bab26b407fe67992a DEPENDS += "${PYTHON_PN}" RDEPENDS_${PN} = "\ + ${PYTHON_PN}-2to3 \ ${PYTHON_PN}-compile \ ${PYTHON_PN}-compression \ ${PYTHON_PN}-ctypes \ @@ -25,6 +26,7 @@ RDEPENDS_${PN} = "\ ${PYTHON_PN}-json \ ${PYTHON_PN}-netserver \ ${PYTHON_PN}-numbers \ + ${PYTHON_PN}-pickle \ ${PYTHON_PN}-pkgutil \ ${PYTHON_PN}-plistlib \ ${PYTHON_PN}-shell \ diff --git a/poky/meta/recipes-devtools/python/python3-jinja2/run-ptest b/poky/meta/recipes-devtools/python/python3-jinja2/run-ptest new file mode 100644 index 0000000000..5cec711696 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-jinja2/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest diff --git a/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb new file mode 100644 index 0000000000..89538d2f27 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python." + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" + +SRC_URI[sha256sum] = "89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0" + +PYPI_PACKAGE = "Jinja2" + +CLEANBROKEN = "1" + +inherit pypi setuptools3 +# ptest disabled in OE-Core for now due to missing dependencies + + +SRC_URI += " \ + file://run-ptest \ +" + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ +} + +RDEPENDS_${PN}-ptest += " \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-unixadmin \ +" + +RDEPENDS_${PN} += " \ + ${PYTHON_PN}-asyncio \ + ${PYTHON_PN}-crypt \ + ${PYTHON_PN}-io \ + ${PYTHON_PN}-json \ + ${PYTHON_PN}-markupsafe \ + ${PYTHON_PN}-math \ + ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-numbers\ + ${PYTHON_PN}-pickle \ + ${PYTHON_PN}-pprint \ + ${PYTHON_PN}-shell \ + ${PYTHON_PN}-threading \ +" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb b/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb index 4983ae527a..3a2d8733e9 100644 --- a/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb +++ b/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb @@ -12,6 +12,10 @@ inherit pypi setuptools3 SRC_URI[md5sum] = "083bd2cb0043c1e22a52cb9a05e31532" SRC_URI[sha256sum] = "9919344cec203f5db6596a29b5bc26b07ba9662925a05e24980b84709232ef60" -RDEPENDS_${PN} += "libarchive" +RDEPENDS_${PN} += "\ + libarchive \ + ${PYTHON_PN}-ctypes \ + ${PYTHON_PN}-mmap \ +" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest b/poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest new file mode 100644 index 0000000000..5cec711696 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb b/poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb new file mode 100644 index 0000000000..403a98a43f --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb @@ -0,0 +1,28 @@ +DESCRIPTION = "Implements a XML/HTML/XHTML Markup safe string for Python" +HOMEPAGE = "http://github.com/mitsuhiko/markupsafe" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75" + +SRC_URI[md5sum] = "43fd756864fe42063068e092e220c57b" +SRC_URI[sha256sum] = "29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b" + +PYPI_PACKAGE = "MarkupSafe" +inherit pypi setuptools3 +# ptest disabled in OE-Core for now due to missing dependencies + +RDEPENDS_${PN} += "${PYTHON_PN}-stringold" + +BBCLASSEXTEND = "native nativesdk" + +SRC_URI += " \ + file://run-ptest \ +" + +RDEPENDS_${PN}-ptest += " \ + ${PYTHON_PN}-pytest \ +" + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -f ${S}/tests/* ${D}${PTEST_PATH}/tests/ +} diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb new file mode 100644 index 0000000000..8f19984bed --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb @@ -0,0 +1,5 @@ +require python-pycryptodome.inc +inherit setuptools3 + +SRC_URI[sha256sum] = "f1add21b6d179179b3c177c33d18a2186a09cc0d3af41ff5ed3f377360b869f2" + diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb b/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb new file mode 100644 index 0000000000..abb03b9909 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb @@ -0,0 +1,9 @@ +require python-pycryptodome.inc +inherit setuptools3 + +SRC_URI[sha256sum] = "50163324834edd0c9ce3e4512ded3e221c969086e10fdd5d3fdcaadac5e24a78" + +FILES_${PN}-tests = " \ + ${PYTHON_SITEPACKAGES_DIR}/Cryptodome/SelfTest/ \ + ${PYTHON_SITEPACKAGES_DIR}/Cryptodome/SelfTest/__pycache__/ \ +" diff --git a/poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb b/poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb new file mode 100644 index 0000000000..575dfc4dc9 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb @@ -0,0 +1,14 @@ +DESCRIPTION = "pyelftools is a pure-Python library for parsing and analyzing ELF files and DWARF debugging information" +HOMEPAGE = "https://github.com/eliben/pyelftools" +SECTION = "devel/python" +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc" + +SRC_URI[md5sum] = "0ba0de4b47127249c4d632ae299cb0e8" +SRC_URI[sha256sum] = "86ac6cee19f6c945e8dedf78c6ee74f1112bd14da5a658d8c9d4103aed5756a2" + +PYPI_PACKAGE = "pyelftools" + +inherit pypi setuptools3 + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch b/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch index d38ed61dd7..ea0af02e72 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch @@ -46,7 +46,7 @@ ValueError: semaphore or lock released too many times And the semaphore issue also caused multiprocessing.Queue().put() hung. -Upstream-Status: Pensing +Upstream-Status: Pending Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch new file mode 100644 index 0000000000..6889e46da9 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch @@ -0,0 +1,77 @@ +From dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 29 Jun 2020 11:12:50 -0700 +Subject: [PATCH] bpo-41004: Resolve hash collisions for IPv4Interface and + IPv6Interface (GH-21033) + +The __hash__() methods of classes IPv4Interface and IPv6Interface had issue +of generating constant hash values of 32 and 128 respectively causing hash collisions. +The fix uses the hash() function to generate hash values for the objects +instead of XOR operation +(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28) + +Co-authored-by: Ravi Teja P <rvteja92@gmail.com> + +Upstream-Status: Backport [https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5] +CVE: CVE-2020-14422 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + Lib/ipaddress.py | 4 ++-- + Lib/test/test_ipaddress.py | 12 ++++++++++++ + .../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 + + 3 files changed, 15 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst + +diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py +index 873c7644081af..a3a04f7f4b309 100644 +--- a/Lib/ipaddress.py ++++ b/Lib/ipaddress.py +@@ -1370,7 +1370,7 @@ def __lt__(self, other): + return False + + def __hash__(self): +- return self._ip ^ self._prefixlen ^ int(self.network.network_address) ++ return hash((self._ip, self._prefixlen, int(self.network.network_address))) + + __reduce__ = _IPAddressBase.__reduce__ + +@@ -2017,7 +2017,7 @@ def __lt__(self, other): + return False + + def __hash__(self): +- return self._ip ^ self._prefixlen ^ int(self.network.network_address) ++ return hash((self._ip, self._prefixlen, int(self.network.network_address))) + + __reduce__ = _IPAddressBase.__reduce__ + +diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py +index de77111705b69..2eba740e5e7a4 100644 +--- a/Lib/test/test_ipaddress.py ++++ b/Lib/test/test_ipaddress.py +@@ -2053,6 +2053,18 @@ def testsixtofour(self): + sixtofouraddr.sixtofour) + self.assertFalse(bad_addr.sixtofour) + ++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface ++ def testV4HashIsNotConstant(self): ++ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4") ++ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5") ++ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__()) ++ ++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface ++ def testV6HashIsNotConstant(self): ++ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1") ++ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2") ++ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__()) ++ + + if __name__ == '__main__': + unittest.main() +diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst +new file mode 100644 +index 0000000000000..1380b31fbe9f4 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst +@@ -0,0 +1 @@ ++The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch new file mode 100644 index 0000000000..c019db2a76 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch @@ -0,0 +1,104 @@ +From 668d321476d974c4f51476b33aaca870272523bf Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Sat, 18 Jul 2020 13:39:12 -0700 +Subject: [PATCH] bpo-39603: Prevent header injection in http methods + (GH-18485) + +reject control chars in http method in http.client.putrequest to prevent http header injection +(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) + +Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com> + +Upstream-Status: Backport [https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf] +CVE: CVE-2020-26116 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + Lib/http/client.py | 15 +++++++++++++ + Lib/test/test_httplib.py | 22 +++++++++++++++++++ + .../2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | 2 ++ + 3 files changed, 39 insertions(+) + create mode 100644 Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst + +diff --git a/Lib/http/client.py b/Lib/http/client.py +index 019380a720318..c2ad0471bfee5 100644 +--- a/Lib/http/client.py ++++ b/Lib/http/client.py +@@ -147,6 +147,10 @@ + # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") + # We are more lenient for assumed real world compatibility purposes. + ++# These characters are not allowed within HTTP method names ++# to prevent http header injection. ++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]') ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -1087,6 +1091,8 @@ def putrequest(self, method, url, skip_host=False, + else: + raise CannotSendRequest(self.__state) + ++ self._validate_method(method) ++ + # Save the method for use later in the response phase + self._method = method + +@@ -1177,6 +1183,15 @@ def _encode_request(self, request): + # ASCII also helps prevent CVE-2019-9740. + return request.encode('ascii') + ++ def _validate_method(self, method): ++ """Validate a method name for putrequest.""" ++ # prevent http header injection ++ match = _contains_disallowed_method_pchar_re.search(method) ++ if match: ++ raise ValueError( ++ f"method can't contain control characters. {method!r} " ++ f"(found at least {match.group()!r})") ++ + def _validate_path(self, url): + """Validate a url for putrequest.""" + # Prevent CVE-2019-9740. +diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py +index 8f0e27a1fb836..5a5fcecbc9c15 100644 +--- a/Lib/test/test_httplib.py ++++ b/Lib/test/test_httplib.py +@@ -364,6 +364,28 @@ def test_headers_debuglevel(self): + self.assertEqual(lines[3], "header: Second: val2") + + ++class HttpMethodTests(TestCase): ++ def test_invalid_method_names(self): ++ methods = ( ++ 'GET\r', ++ 'POST\n', ++ 'PUT\n\r', ++ 'POST\nValue', ++ 'POST\nHOST:abc', ++ 'GET\nrHost:abc\n', ++ 'POST\rRemainder:\r', ++ 'GET\rHOST:\n', ++ '\nPUT' ++ ) ++ ++ for method in methods: ++ with self.assertRaisesRegex( ++ ValueError, "method can't contain control characters"): ++ conn = client.HTTPConnection('example.com') ++ conn.sock = FakeSocket(None) ++ conn.request(method=method, url="/") ++ ++ + class TransferEncodingTest(TestCase): + expected_body = b"It's just a flesh wound" + +diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst +new file mode 100644 +index 0000000000000..990affc3edd9d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst +@@ -0,0 +1,2 @@ ++Prevent http header injection by rejecting control characters in ++http.client.putrequest(...). diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch new file mode 100644 index 0000000000..bafa1cb999 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch @@ -0,0 +1,70 @@ +From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001 +From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> +Date: Tue, 6 Oct 2020 05:38:54 -0700 +Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP + in the CJK codec tests (GH-22566) (GH-22577) + +(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) + +Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> + +Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> + +Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33] +CVE: CVE-2020-27619 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + Lib/test/multibytecodec_support.py | 22 +++++++------------ + .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 + + 2 files changed, 9 insertions(+), 14 deletions(-) + create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst + +diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py +index cca8af67d6d1d..f76c0153f5ecf 100644 +--- a/Lib/test/multibytecodec_support.py ++++ b/Lib/test/multibytecodec_support.py +@@ -305,29 +305,23 @@ def test_mapping_file(self): + self._test_mapping_file_plain() + + def _test_mapping_file_plain(self): +- unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+')))) ++ def unichrs(s): ++ return ''.join(chr(int(x, 16)) for x in s.split('+')) ++ + urt_wa = {} + + with self.open_mapping_file() as f: + for line in f: + if not line: + break +- data = line.split('#')[0].strip().split() ++ data = line.split('#')[0].split() + if len(data) != 2: + continue + +- csetval = eval(data[0]) +- if csetval <= 0x7F: +- csetch = bytes([csetval & 0xff]) +- elif csetval >= 0x1000000: +- csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff), +- ((csetval >> 8) & 0xff), (csetval & 0xff)]) +- elif csetval >= 0x10000: +- csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff), +- (csetval & 0xff)]) +- elif csetval >= 0x100: +- csetch = bytes([(csetval >> 8), (csetval & 0xff)]) +- else: ++ if data[0][:2] != '0x': ++ self.fail(f"Invalid line: {line!r}") ++ csetch = bytes.fromhex(data[0][2:]) ++ if len(csetch) == 1 and 0x80 <= csetch[0]: + continue + + unich = unichrs(data[1]) +diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +new file mode 100644 +index 0000000000000..4f9782f1c85af +--- /dev/null ++++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +@@ -0,0 +1 @@ ++Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. diff --git a/poky/meta/recipes-devtools/python/python3_3.8.2.bb b/poky/meta/recipes-devtools/python/python3_3.8.2.bb index a4a16fd495..1d0b4cdb77 100644 --- a/poky/meta/recipes-devtools/python/python3_3.8.2.bb +++ b/poky/meta/recipes-devtools/python/python3_3.8.2.bb @@ -33,6 +33,9 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \ + file://CVE-2020-14422.patch \ + file://CVE-2020-26116.patch \ + file://CVE-2020-27619.patch \ " SRC_URI_append_class-native = " \ @@ -52,6 +55,9 @@ CVE_PRODUCT = "python" # This is not exploitable when glibc has CVE-2016-10739 fixed. CVE_CHECK_WHITELIST += "CVE-2019-18348" +# This is windows only issue. +CVE_CHECK_WHITELIST += "CVE-2020-15523" + PYTHON_MAJMIN = "3.8" S = "${WORKDIR}/Python-${PV}" @@ -343,6 +349,7 @@ FILES_${PN}-man = "${datadir}/man" # See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395 RDEPENDS_libpython3_append_libc-glibc = " libgcc" +RDEPENDS_${PN}-ctypes_append_libc-glibc = " ${MLPREFIX}ldconfig" RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed" RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9" RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" |