Commit message | Author | Age | Files | Lines
* build-appliance-image: Update to nanbield head revision [yocto-4.3.4] [nanbield-4.3.4] [nanbield] | Steve Sakoman | 2024-03-28 | 1 | -1/+1
  (From OE-Core rev: d0e68072d138ccc1fb5957fdc46a91871eb6a3e1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: improve descriptions of 'bitbake -S printdiff' | Alexander Kanavin | 2024-03-28 | 2 | -7/+13
  Try to particularly emphasize that it can be used to find out why something rebuilds when it shouldn't.
  (From yocto-docs rev: 05d08b0bbaef760157c8d35a78d7405bc5ffce55)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sdk-manual: correctly describe separate build-sysroots tasks in direct sdk workflows | Alexander Kanavin | 2024-03-28 | 1 | -2/+6
  They were separated in https://git.yoctoproject.org/poky/commit/?id=63e53fb8b60d38315015844bd3357fa1649cd639
  (From yocto-docs rev: 7cb8ee0b922c57a2fc7100eca585463e888964be)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: add documentation of the variable SPDX_NAMESPACE_PREFIX | BELOUARGA Mohamed | 2024-03-28 | 1 | -0/+5
  The documentation of the variable SPDX_NAMESPACE_PREFIX does not exist. This variable is used to change the prefix of some links in SPDX docs.
  (From yocto-docs rev: 33ed2376b501022daf24003e4e6352a91fcb06ee)
  Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: usage.rst: further style improvements | Michael Opdenacker | 2024-03-28 | 3 | -173/+187
  According to errors reported by "make stylecheck"
  (From yocto-docs rev: 3d6b7aa4b848403a5dcde0cdf68c38060f4ab0af)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* contributor-guide: be more specific about meta-* trees | Martin Jansa | 2024-03-28 | 1 | -1/+1
  * this is often confused to apply for e.g. meta-oe as well where it doesn't apply as meta-oe has own ML mentioned in README.
  (From yocto-docs rev: fd9c078a08933484087e0ce12d4eb0f1d4693995)
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.17 | Lee Chee Yang | 2024-03-28 | 2 | -0/+239
  (From yocto-docs rev: 58bd14d3e992e4d4ec650d169fcd76ecb8a28d6e)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* documentation: Makefile: remove releases.rst in "make clean" | Michael Opdenacker | 2024-03-28 | 1 | -1/+1
  releases.rst is generated by the set_versions.py script
  (From yocto-docs rev: 6a9aea1d4db67da095c81bc606f102aacfc436d2)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: usage.rst: fix reference to bug report | Michael Opdenacker | 2024-03-28 | 1 | -3/+3
  Allowing to remove nested parentheses in the text!
  (From yocto-docs rev: 3af096c2509650165a6180e25d15114030e0ff18)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: use "manual page(s)" | Michael Opdenacker | 2024-03-28 | 3 | -16/+16
  Instead of "manpage(s)" or "man page(s)". To address one of the errors reported by "make stylecheck"
  (From yocto-docs rev: 7d9faaf283454d653e541a8faf0d50f4c968cc66)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: usage.rst: formatting fixes | Michael Opdenacker | 2024-03-28 | 1 | -232/+235
  Plus a few text styling improvements, some reported by "make stylecheck"
  (From yocto-docs rev: f0c7c67ad297588d0112070b82f46fbc779bcb14)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: add initial stylechecks with Vale | Michael Opdenacker | 2024-03-28 | 7 | -1/+58
  Use the "Vale" (https://vale.sh) tool to perform text style checks
  Run "make stylecheck" to run the checks.
  This just checks the text, not the Sphinx syntax style choices.
  (From yocto-docs rev: 198efc906efbbaced2526cd1221fd16ab35996a1)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0: skip a test that is known to be flaky | Ross Burton | 2024-03-28 | 2 | -0/+36
  The aggregator testcase test_infinite_seek_50_src_live is known upstream to be flaky[1] and when this fails in their CI they just ignore it.
  It's failing often on our autobuilder, so disable the test case for now until upstream have resolved this issue.
  [ YOCTO #15054 ]
  [1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410
  (From OE-Core rev: 2fdc76a78d03b27f79fcaf1f86a4cf5f8904d9ee)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit c2c9cbc107e5428122ad26b5c478602f0c8c0fbe)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions | Ross Burton | 2024-03-28 | 2 | -0/+59
  On aarch64, if the processor doesn't have the Crypto instructions then OpenSSL will fall back onto the "bit-sliced" assembler routines. When branch protection (BTI) was enabled in OpenSSL these routines were missed, so if BTI is available libssl will immediately abort when it enters this assembler.
  Backport a patch submitted upstream to add the required call target annotations so that BTI doesn't believe the code is being exploited.
  (From OE-Core rev: ec555688dbdc87cc695db653201c8d9e20079d22)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: increase test timeouts | Ross Burton | 2024-03-28 | 2 | -0/+19
  We often see multiple curl tests fail during ptest runs, the actual test varies but the output is like this:
    FAIL: 337: protoc!
    There was no content at all in the file log/3/server.input.
    Server glitch? Total curl failure? Returned: 28
  Error code 28 is CURLE_OPERATION_TIMEDOUT, so this is almost certainly due to a loaded machine resulting in the tests running slowly.
  It is notable that the test runner explicitly passes --max-time=13 to curl, so experiment and change this to 600 to see if this solves the problem.
  [ YOCTO #15268 ]
  (From OE-Core rev: d105cc0dae1fcca285c08f33df7888c68fb0dc2f)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e2e9ec1bf97a7e36a05a247dbc671ecca584205f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: improve run-ptest | Ross Burton | 2024-03-28 | 2 | -4/+10
  There's no need to run the output of runtests.pl through a sed to get automake-style output, as you can pass -am to get this formatting.
  Don't run timing dependent tests, as the ptests can run on loaded systems.
  Add a dependency on the en_US locale because some of the tests require this.
  (From OE-Core rev: 000bedc1c95e033f8a479a18a47dc66a0609d596)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 3c3601d50ae290e7e9797eadd20c05df99bbd040)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mdadm: Disable ptests | Pavel Zhukov | 2024-03-28 | 1 | -1/+2
  As agreed upon in the bug triage meeting, disable mdadm ptest for the time being
  Related: [Yocto #15181] [Yocto #15159] [Yocto #15308] [Yocto #15309]
  (From OE-Core rev: ebbe9458526546b821d81a89d8098355d943ee60)
  Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 22ae573aa1a1244d4dea498d4fa4fcdf195bedf8)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to nanbield head revision | Steve Sakoman | 2024-03-22 | 1 | -1/+1
  (From OE-Core rev: 84a70edd2ce791dcd9b8b7a2f436f1d59cb2ea95)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 4.3.4 release | Steve Sakoman | 2024-03-22 | 1 | -1/+1
  (From meta-yocto rev: d98079ded41a4c6ab566998d4fbbd5e9d49efb3e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* core-image-ptest: Increase disk size to 1.5G for strace ptest image | Khem Raj | 2024-03-20 | 1 | -1/+1
  Autobuilder sees an intermittent failure on strace tests and it occurs quite often therefore bump the size of image as the space requirement is more now with parallel execution enabled.
  [YOCTO #15370]
  (From OE-Core rev: 719a155b7f85d4ee623f78c3e85ba987f9142290)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 02d31355b20f8f3e7bd1b71c9412988eca9ec4b4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* yocto-uninative: Update to 4.4 for glibc 2.39 | Michael Halstead | 2024-03-20 | 1 | -5/+5
  (From OE-Core rev: eebb03d9409df143c68262264a7d3991f6e94a9a)
  Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 56fdd8b79e2f7ec30d2cdcfa0c399a6553efac1e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tzdata : Upgrade to 2024a | Priyal Doshi | 2024-03-20 | 1 | -3/+3
  (From OE-Core rev: e0f18bb696dc7266befd2fd6c46062c9d6a7ab59)
  Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 5abbd0abf992ce8d11f3ae31fb1d83d97f5319fa)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* linux-firmware: upgrade 20231211 -> 20240220 | Alexander Kanavin | 2024-03-20 | 1 | -3/+3
  License-Update: additional files
  (From OE-Core rev: 0d506b892d299eaf9aeefb614245108128ce480e)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit add81ef0299ea5260f9bdc59ffc8f5cc0e74276f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23 | Alex Kiernan | 2024-03-20 | 1 | -2/+2
  Upstream maintainer has changed to Chen-Yu Tsai <wens@kernel.org>:
  https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
  Note that fb768d3b13ff ("wifi: cfg80211: Add my certificate") and 3c2a8ebe3fe6 ("wifi: cfg80211: fix certs build to not depend on file order") are required if you are using kernel signature verification.
  (From OE-Core rev: a9a799a6ab27947071f76211901d5bde160e5894)
  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit abf169fbbf8bab13224adf4c8bfa2e26607f360c)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: upgrade to 3.1.5 | Lee Chee Yang | 2024-03-20 | 2 | -24/+2
  Changes between 3.1.4 and 3.1.5 [30 Jan 2024]
  * A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. A fix has been applied to prevent a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue prior to this fix.
    OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().
    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant.
    ([CVE-2024-0727])
  https://www.openssl.org/news/cl31.txt
  drop fix_random_labels.patch as fixed in https://github.com/openssl/openssl/commit/99630a1b08fd6464d95052dee4a3500afeb95867
  (From OE-Core rev: aeac11fa743567e185179b27b4700bbf8fcf06e1)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Remove rejected CVE from database | Yoann Congal | 2024-03-20 | 1 | -0/+4
  When a CVE is updated to be rejected, matching database entries must be removed. Otherwise:
  * an incremental update is not equivalent to an initial download.
  * rejected CVEs might still appear as Unpatched in cve-check.
  (From OE-Core rev: 5b17b563908206667a7d14f390bd9b2de897774c)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Fix CVE configuration update | Yoann Congal | 2024-03-20 | 1 | -0/+4
  When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check.
  (From OE-Core rev: 67c4d9d27f06a07eac46c0f2cba8cfa1691b0737)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: nvd_request_next: Improve comment | Yoann Congal | 2024-03-20 | 1 | -1/+2
  Add a URL to the doc of the API used in the function.
  ... and fix a small typo dabase -> database
  (From OE-Core rev: c8ae1765e81f9dd8e95a251cfda9e4d820bb5630)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e0157b3b81333a24abd31dbb23a6abebca3e7ba7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition | Yoann Congal | 2024-03-20 | 1 | -2/+0
  CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is always inherited in cve-update-nvd2-native (There is a check line 40).
  Remove it to avoid confusion. Otherwise, this should not change anything.
  (From OE-Core rev: 572ee5512a3d8941c6842af451ca6c9bb75773d3)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e5f3f223885c17b7007c310273fc7c80b90a4105)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Add an age threshold for incremental update | Yoann Congal | 2024-03-20 | 1 | -4/+16
  Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to specify the maximum age of the database for doing an incremental update
  For older databases, a full re-download is done.
  With a value of "0", this forces a full-redownload.
  (From OE-Core rev: 665c880ff8be1b18c2abe8fa878643dfa64b7d3d)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 74c1765111b6610348eae4b7e41d7045ce58ef86)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Fix typo in comment | Yoann Congal | 2024-03-20 | 1 | -1/+1
  attmepts -> attempts
  (From OE-Core rev: 0c2e186e1ed8a904945066672e8e2af8b2ea284c)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dc18aaeda8e810f9082a0ceac08e5e4275bbd0f7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* wpa-supplicant: Fix CVE-2023-52160 | Claus Stovgaard | 2024-03-20 | 2 | -0/+214
  PEAP client: Update Phase 2 authentication requirements.
  Also see https://www.top10vpn.com/research/wifi-vulnerabilities/
  (From OE-Core rev: 7d0e3f31d2193b2b13a9fe3f368a172f4eaa7c48)
  Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 57b6a329df897de69ae8b90706d9fe37e0ed6d35)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-check: Log if CVE_STATUS set but not reported for component | Simone Weiß | 2024-03-20 | 1 | -0/+3
  Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a component. This should hopefully help to clean up not needed CVE_STATUS settings.
  (From OE-Core rev: c1b3c3856c2bdf2d9d6dfbaccfce549396a8630a)
  Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: document VIRTUAL-RUNTIME variables | Michael Opdenacker | 2024-03-16 | 2 | -9/+36
  Document the convention to use variables prefixed by VIRTUAL_RUNTIME. Add references to the new term where possible.
  Another reason is that such variables are recommended in a warning issued by meta/classes-global/insane.bbclass
  (From yocto-docs rev: 692ee19c99d015adf79da540b03d12245f7024f4)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reported-by: Tim Orling <ticotimo@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* contributor-guide: add notes for tests | Simone Weiß | 2024-03-16 | 1 | -2/+35
  This adds some hints that and how changes should be tested when contributing.
  Fixes [YOCTO #15412]
  (From yocto-docs rev: d6f14fad6b85e61961830198474f9281d84b3d27)
  Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: packages: fix capitalization | Michael Opdenacker | 2024-03-16 | 1 | -1/+1
  Using "PR service" instead of "PR Service", like in the other two instances in this document.
  (From yocto-docs rev: 6d6fbf786fff802ab30d649f9903331814d9fe1c)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reported-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: variables: adding multiple groups in GROUPADD_PARAM | Geoff Parker | 2024-03-16 | 1 | -0/+8
  Add missing documentation on how to add multiple groups with a single GROUPADD_PARAM:${PN}
  (From yocto-docs rev: 8d1aecf5aa638aa98676bda9b30a241c350f94a3)
  Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: variables: correct sdk installation default path | Johan Bezem | 2024-03-16 | 2 | -2/+6
  The SDKPATH variable seems mistakenly identified as the default path where the SDK will be installed by the generated installation script, unless option '-d' or a manual input overrides this default.
  The intended variable is SDKPATHINSTALL. SDKPATH indicates where the SDK is being composed and built. The definitions have been added/updated.
  (From yocto-docs rev: ef86bec59f5bd81963e0013fce63a1960df53c57)
  Signed-off-by: Johan Bezem <jbezem.extern@arri.de>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: tasks: do_cleansstate: recommend using '-f' instead for a shared sstate | Luca Ceresoli | 2024-03-16 | 1 | -0/+12
  do_cleansstate can produce build errors when using a shared sstate cache. Add a note to clearly discourage, provide a safe alternative (bitbake -f), and the rationale.
  Suggested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Link: https://lore.kernel.org/yocto-docs/20240219155513.76738-1-luca.ceresoli@bootlin.com/T/#m5529687ecb0f9ec2dacddcb6ff58e2df73af9cde
  (From yocto-docs rev: fe023e48a5014e838fb74b77cdf8b0d546db0d21)
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: tasks: do_cleanall: recommend using '-f' instead | Luca Ceresoli | 2024-03-16 | 1 | -3/+23
  do_cleanall can produce failures when used in legitimate cases, such as with recipe variants (foo and foo-native) or a shared DL_DIR. This is why it is forbidden when writing tests that will run on the autobuilders (https://docs.yoctoproject.org/test-manual/intro.html?highlight=cleanall#considerations-when-writing-tests).
  Reword the documentation to clearly discourage, provide a safe alternative (bitbake -f -c fetch), and the rationale with an example.
  Reported-by: Sam Liddicott
  Link: https://bootlin.com/blog/yocto-sharing-the-sstate-cache-and-download-directories/#comment-2650335
  (From yocto-docs rev: c8ba32df7576ceb4b8371595e14ad51bdb3e33b1)
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: Upgrade 3.8.2 -> 3.8.3 | Simone Weiß | 2024-03-16 | 1 | -1/+1
  Upgrade version to address recent CVE findings.
  Changelog
  =========
  ** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]
  ** libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]
  ** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token
     certtool was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.
  (cherry-pick from Oe-Core rev 705d2972b38efc9f331e3635c07ca92f8812b365)
  (From OE-Core rev: f40a53370eac89df38b2fab47c411a61d4df4fc0)
  Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: upgrade 3.8.1 -> 3.8.2 | Wang Mingyu | 2024-03-16 | 1 | -1/+1
  Changelog:
  ============
  ** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
  ** libgnutls: Add API functions to perform ECDH and DH key agreement
  ** libgnutls: Added support for AES-GCM-SIV ciphers
  ** libgnutls: transparent KTLS support is extended to FreeBSD kernel
  ** gnutls-cli: New option --starttls-name
  (cherry-pick from Oe-Core rev 3c01bb0be8ddafa0aa1ad996ec524b51fd28f512)
  (From OE-Core rev: d9310c3ce0f88798de6d2d3d0c600b9014c1d872)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bind: Upgrade 9.18.21 -> 9.18.24 | Soumya Sambu | 2024-03-16 | 1 | -1/+1
  Changelog:
  =========
  9.18.24:
  - Fix case insensitive setting for isc_ht hashtable. [GL #4568]
  9.18.23:
  - Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. (CVE-2023-50387) [GL #4424]
  - Change 6315 inadvertently introduced regressions that could cause named to crash. [GL #4234]
  - Under some circumstances, the DoT code in client mode could process more than one message at a time when that was not expected. That has been fixed. [GL #4487]
  9.18.22:
  - Limit isc_task_send() overhead for RBTDB tree pruning. [GL #4383]
  - Restore DNS64 state when handling a serve-stale timeout. (CVE-2023-5679) [GL #4334]
  - Specific queries could trigger an assertion check with nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
  - Speed up parsing of DNS messages with many different names. (CVE-2023-4408) [GL #4234]
  - Address race conditions in dns_tsigkey_find(). [GL #4182]
  - Conversion from NSEC3 signed to NSEC signed could temporarily put the zone into a state where it was treated as unsigned until the NSEC chain was built. Additionally conversion from one set of NSEC3 parameters to another could also temporarily put the zone into a state where it was treated as unsigned until the new NSEC3 chain was built. [GL #1794] [GL #4495]
  - Memory leak in zone.c:sign_zone. When named signed a zone it could leak dst_keys due to a misplaced 'continue'. [GL #4488]
  - Log more details about the cause of "not exact" errors. [GL #4500]
  - The wrong time was being used to determine what RRSIGs were to be generated when dnssec-policy was in use. [GL #4494]
  - The "trust-anchor-telemetry" statement is no longer marked as experimental. This silences a relevant log message that was emitted even when the feature was explicitly disabled. [GL #4497]
  - Fix statistics export to use full 64 bit signed numbers instead of truncating values to unsigned 32 bits. [GL #4467]
  - NetBSD has added 'hmac' to libc which collides with our use of 'hmac'. [GL #4478]
  (cherry-pick from Oe-Core rev d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
  (From OE-Core rev: 61fa2f52045b7a1553249c33263b5fd32444a305)
  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bind: upgrade 9.18.20 -> 9.18.21 | Wang Mingyu | 2024-03-16 | 2 | -4/+4
  bind-ensure-searching-for-json-headers-searches-sysr.patch refreshed for 9.18.21
  Changelog:
  ==========
  -Improve LRU cleaning behaviour.
  -The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are deprecated; a warning will be logged if they are used.
  -BIND might sometimes crash after startup or re-configuration when one 'tls' entry is used multiple times to connect to remote servers due to initialisation attempts from contexts of multiple threads. That has been fixed.
  -Dig +yaml will now report "no servers could be reached" also for UDP setup failure when no other servers or tries are left.
  -Recognize escapes when reading the public key from file.
  -Dig +yaml will now report "no servers could be reached" on TCP connection failure as well as for UDP timeouts.
  -Deprecate AES-based DNS cookies.
  (cherry-pick from Oe-core rev b750d54622a0fa0a35d83ddc59f07661e903360b)
  (From OE-Core rev: 6977b7ac4202a1dd4264a6b4e4e6fd5c3dc07d37)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-jinja2: upgrade 3.1.2 -> 3.1.3 | Wang Mingyu | 2024-03-16 | 1 | -1/+1
  Changelog:
  ==========
  -Fix compiler error when checking if required blocks in parent templates are empty.
  -xmlattr filter does not allow keys with spaces.
  -Make error messages stemming from invalid nesting of {% trans %} blocks more helpful
  upgrade include fix for CVE-2024-22195.
  (cherry-pick from Oe-Core rev 8a0524464583d69df7746253f5020c2c125a8e1f)
  (From OE-Core rev: f8f89b901e3f8db3a9e61ab49976beeb9531d1c2)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: upgrade to 2.11.7 | Lee Chee Yang | 2024-03-16 | 1 | -1/+1
  libxml2 2.11.7
  Security
    [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
  libxml2 2.11.6
  Regressions
    threads: Fix --with-thread-alloc
    xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
  Bug fixes
    parser: Fix potential use-after-free in xmlParseCharDataInternal
  (From OE-Core rev: a0d164d7705034b2c351c518cebad8811ed5026f)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: upgrade 23.2.3 -> 23.2.4 | Dhairya Nagodra | 2024-03-16 | 1 | -1/+1
  Includes fixes for CVE-2023-6816, CVE-2024-0408, CVE-2024-0409
  (From OE-Core rev: 91f5e2a55212f3e0c8ce9269a139a7f4519f28a9)
  Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: packages: need enough free space | Michael Opdenacker | 2024-03-13 | 1 | -0/+7
  Enough free storage space is needed to apply package upgrades.
  (From yocto-docs rev: 0ccb6570c8ae50f2f40b3634a9798a10fd20811d)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: packages: clarify shared PR service constraint | Michael Opdenacker | 2024-03-13 | 1 | -3/+8
  Explicit the problems previously described as "obvious".
  (From yocto-docs rev: c5e3b57398d98626e348cb14d2a89ecc5f424dd4)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Suggested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: suppress excess use of "following" word | Michael Opdenacker | 2024-03-13 | 36 | -100/+85
  To simplify the style, replace "Following is" and "Following are" by "here is" and "here are", sounding more natural.
  In some cases, also go further by simplifying "Here are/is xxx" by "xxx are/is" when the "are" or "is" are not too far at the end of the sentence.
  In some cases too, completely remove the sentence, when it's redundant with the preceding title.
  (From yocto-docs rev: da1cbd7083238657aaeaea16841b24531c86298e)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  CC: Daniel Ammann <daniel.ammann@bytesatwork.ch>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>