summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* curl: Fix CVE-2022-32221Bhabu Bindu2022-12-072-0/+29
| | | | | | | | | | | | POST following PUT confusion Link: https://ubuntu.com/security/CVE-2022-32221 (From OE-Core rev: 518bea85c9496d77c70d703b818e442eda841554) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patchMartin Jansa2022-12-071-2/+3
| | | | | | | | | | | | | | | | * according to https://bugzilla.redhat.com/show_bug.cgi?id=2118863 this commit should be the fix for CVE-2022-2868 * resolves false-possitive entry in: https://lists.yoctoproject.org/g/yocto-security/message/705 CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 (From OE-Core rev: 97ad71541996023075950337e8b133c1a8551e0f) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2022-3970Qiu, Zheng2022-12-072-0/+39
| | | | | | | | | | | | | | | | | | | This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be (From OE-Core rev: d4b231e1baa0c4c6fa8eaa2e25170eeb29cd1cdf) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix a number of CVEsRoss Burton2022-12-075-1/+1005
| | | | | | | | | | | | | | | | | | | Backport fixes from upstream for the following CVEs: - CVE-2022-3599 - CVE-2022-3597 - CVE-2022-3626 - CVE-2022-3627 - CVE-2022-3570 - CVE-2022-3598 (From OE-Core rev: ad0780059a105b74313eb6a357360f5ad32333a4) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: refresh with devtoolMartin Jansa2022-12-0718-148/+118
| | | | | | | | | | | | | * so that they can be easily and cleanly applied with "git am" * manually fix CVE-2022-2953.patch commit message not to use UTF-8 quotes and replace it with human readable text from original commit: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf (From OE-Core rev: 535c814259ec63916debb17a326fa328c4f6237b) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775Xiangyu Chen2022-12-074-0/+298
| | | | | | | | | | | | | | | | | | Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency: font: Fix size overflow in grub_font_get_glyph_internal() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532) Backport patch from upstream to fix following CVEs: CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e) CVE-2022-3775: font: Fix an integer underflow in blit_comb() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af) (From OE-Core rev: 0fc6693ab4f2f4b231b80c9675acea4e54b973f0) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* create-spdx: default share_src for shared sourcesKonrad Weihmann2022-12-011-2/+3
| | | | | | | | | | | | | | | | | | | | if a source is using work-shared but isn't a kernel, like for instance llvm-source from meta-clang, share_src was previously undefined leading to a crash of the python code. Default to WORKDIR and just override it in case the source being a kernel recipe. Additionally changes the variable names in the following, as they imply that it's only about the kernel, which is not the case in every case (From OE-Core rev: 34fa68a0b07328c4ed4eef81f8cde80137a91f18) (From OE-Core rev: 5b2ee67e3a5587b4c7d97d2a9bc00022d1eedae3) Signed-off-by: Konrad Weihmann <kweihmann@witekio.com> On-behalf-of: Avnet Embedded <AvnetEmbedded@avnet.eu> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta-selftest/staticids: add render group for systemdPeter Marko2022-12-011-0/+1
| | | | | | | | | (From OE-Core rev: ba1db7f9189526b02e3d75d375ece53953c2e942) Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 5b761270267063afb0462d1ebf99cabe32ff4e0a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: add group render to udev packagePeter Marko2022-12-011-0/+2
| | | | | | | | | | | | | | | | | | | | From NEWS for v236: * The "uaccess" udev tag has been dropped from /dev/kvm and /dev/dri/renderD*. These devices now have the 0666 permissions by default (but this may be changed at build-time). /dev/dri/renderD* will now be owned by the "render" group along with /dev/kfd. Without the group systemd-udevd startup logs: /lib/udev/rules.d/50-udev-default.rules:39 Unknown group 'render', ignoring /lib/udev/rules.d/50-udev-default.rules:40 Unknown group 'render', ignoring (From OE-Core rev: f902338f312cf5c55b2857e5c7e980cb11a26a9c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 84efd72d48616405dbe4d73ec95917077144ed09) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sanity: Drop data finalize callRichard Purdie2022-12-011-9/+2
| | | | | | | | | | | | | This call was effectively like update_data and no longer did anything in bitbake. Drop it as it is obsolete. (From OE-Core rev: 06e088ef6e961f05ca600612adcc71bff91f09be) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit d3eb4531aae28a07cb7e52ed5fe1102445d2effd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: Allow optimisation of do_deploy_archives task dependenciesJose Quaresma2022-12-011-1/+1
| | | | | | | | | | | | | do_deploy_archives tasks don't need their dependencies so we can optimistion this as we do for some other tasks. (From OE-Core rev: 1e32ad0849f06aee92fe844e8eaee73c5935bfb0) Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 3dd9f6e398844380d3765c54d35afe0d2ccf82e7) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rm_work: exclude the SSTATETASKS from the rm_work tasks sinatureJose Quaresma2022-12-011-0/+2
| | | | | | | | | | | | | | | | | | | | | We can exclude the SSTATETASKS from the rm_work task signature to avoid running the task when we remove some setscene tasks from the dependencie chain. The inject_rm_work handler on the rm_work bbclass triggers the rm_work task running for any signature change in the dependencie chain of the task do_build of each recipe. i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work when we collect the sstate cache with INHERIT = "create-spdx" (From OE-Core rev: c06df50b0c7e6ecb138f37c51196c57295649437) Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 77729bea5b17d65dafb604fd1665c612091b28c7) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstatesig: skip the rm_work task signatureJose Quaresma2022-12-011-0/+6
| | | | | | | | | | | | | | | | | | | | We can skip the rm_work task signature to avoid running the task when we remove some tasks from the dependencie chain. The inject_rm_work handler on the rm_work bbclass triggers the rm_work task running for any signature change in the dependencie chain of the task do_build of each recipe. i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work when we collect the sstate cache with INHERIT = "create-spdx" (From OE-Core rev: ad52bb4643eb8063ff4db6bcb86b9a593ad6ce7d) Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 292305700e39d0ebd64763f5032c39ace5005fad) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnomebase.bbclass: return the whole version for tarball directory if it is a ↵Alexander Kanavin2022-12-011-1/+1
| | | | | | | | | | | | | | number E.g. if version is '43' without any dots, existing code would return ''. (From OE-Core rev: f3dfc90b8d4e7735eedfeab99d0ebe2ba6e970a0) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 38c15322bdbb2423973939e861b5ad1ffb5c8b7f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only thatAlexander Kanavin2022-12-011-5/+5
| | | | | | | | | | | | | | Staging the whole /usr/bin is not correct, as it pulls in also all the vala's cross binaries, which may be discovered by other recipes and things will go wrong then. (From OE-Core rev: 66bdef9f5cae941c5067d88b1d26b2d6236ec56d) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 52629d9db0344146ff4734632b17bd731e247fd5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: don't put the firmware into the sysrootRoss Burton2022-12-011-0/+3
| | | | | | | | | | | | | | There's no need to have linux-firmware in the sysroot. The sysroot won't ever be used anyway as nothing needs the firmware at build-time, but this saves us building a ~900MB sysroot (~300MB sstate tarball). (From OE-Core rev: a75f20f71b4dd964befbae2f517d0f41f02fb4fc) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 26ed998c4f201c5cacf330f52e51e416afbd300c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu-helper-native: Correctly pass program name as argv[0]Joshua Watt2022-12-011-11/+4
| | | | | | | | | | | | | | | The previous version of this wasn't correctly passing the program name as argv[0], and was also over-complicated anyway because argv[] is guaranteed to be terminated with a NULL pointer, so it can be passed directly to the execv'd process without needing to be copied. (From OE-Core rev: c8b7a0570903fc7916530c2fcffaee3b61f27301) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 6edf38add3c20c44efe0588e2815bb280d22e0c4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu-helper-native: Re-write bridge helper as C programJoshua Watt2022-12-013-28/+44
| | | | | | | | | | | | | | | | | | | | | | | The bridge helper program is invoked directly from QEMU when it needs to attach to a network bridge. As such, it is subject to the environment of QEMU itself. Specifically, if bridging is enabled with direct rendering acceleration, QEMU is run with an LD_PRELOAD that attempts to preload several uninative libraries; however /bin/sh doesn't use the uninative loader which means it can fail to start with an error like: /bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE Converting the helper program to a C program resolves this problem because it will now use the uninative loader so the preload doesn't cause errors. (From OE-Core rev: 428a0be91eafb961f0fe92d2abccde5352c54c54) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit f698e98f2f09952b34488b8cf9e73e82bd7aea07) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iso-codes: upgrade 4.11.0 -> 4.12.0Wang Mingyu2022-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | Changelog: ========= - ISO 3166-1: Update name for TR. Fixes #38 - Translation updates for ISO 3166-1 - Translation updates for ISO 3166-2. Closes: #1020633 - Translation updates for ISO 3166-3 - Translation updates for ISO 639-2 - Translation updates for ISO 639-3 - Translation updates for ISO 639-5 - Translation updates for ISO 4217 - Translation updates for ISO 15924 (From OE-Core rev: 017abb138460978e87c84c509f9af7524a053e1b) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 99917b4b7d5642b292cb95c770871b95e411dfc5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* babeltrace: upgrade 1.5.8 -> 1.5.11Wang Mingyu2022-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | Changelog: =========== * Fix: distutils removed in python 3.12 * Fix: use-after-free with popt 1.19 * configure.ac: Basic fixes for autoconf 2.70 * Add gerrit config for stable-1.5 * port: disable debug-info by default on FreeBSD * port: add missing includes for FreeBSD compat * bindings: try importing collections.abc first for forward compatibility * man: fix typo in babeltrace.1 (From OE-Core rev: e1e74360ef3fe2adfac95b3c142ca31e1ee180b7) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit a8f3e4f92f968eb96df11203ff442e6e42634915) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mobile-broadband-provider-info: upgrade 20220725 -> 20221107Wang Mingyu2022-12-011-2/+2
| | | | | | | | | | (From OE-Core rev: d9c986703568e115df7ce87b548879d1d732116f) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 7e12fa1e6250fc358ba159a6b626458d871f7ccf) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libepoxy: update 1.5.9 -> 1.5.10Alexander Kanavin2022-12-011-1/+1
| | | | | | | | | | | | | | | Changes since 1.5.9 - Fix for building with MSVC on non-English locale [Seungha Yang] - Fix build on Android [Caolán McNamara] - Add the right include paths for EGL and X11 headers [Alex Richardson] (From OE-Core rev: 6a3e430a776866c05d354d272c0513dbf188ed34) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 436cb3c98c582e17e6ed2491cc6598c56976af46) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libepoxy: convert to gitAlexander Kanavin2022-12-011-2/+3
| | | | | | | | | | | | Latest version doesn't come with stable tarballs. (From OE-Core rev: 1944a5dd84c3629c9c994383e2904731cf28ea87) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 4b6eed2bb323a3c7390ca3ad426afe27e9072bf0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: upgrade 1.20.3 -> 1.20.4Alexander Kanavin2022-12-0112-100/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fourth 1.20 bug-fix release (1.20.4) was released on 12 October 2022. This release only contains bugfixes and it should be safe to upgrade from 1.20.x. Highlighted bugfixes in 1.20.4 - avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x - Fix deadlock when loading gst-editing-services plugin - Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers - glimagesink: fix crash on Android - subtitle handling and subtitle overlay fixes - matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9 - rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers - WebRTC fixes - RTP retransmission fixes - video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) - macOS build and packaging fixes, in particular fix finding of gio modules on macOS for https/TLS support - Fix consuming of the macOS package as a framework in XCode - Performance improvements - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements (From OE-Core rev: cb8842b09959f4eefdc7d638a435db4361fd2441) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 58e4825328dafd7f593d9eb42be5506408627a31) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: upgrade 2.42.9 -> 2.42.10Alexander Kanavin2022-12-011-1/+1
| | | | | | | | | | | | | | | | | 2.42.10 (stable) === - Search for rst2man.py [!145, Matt Turner] - Update the memory size limit for JPEG images [#216, #218] - Translation updates (From OE-Core rev: 58629c6c42f018b9faa200c39e819c2db38fd935) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 01e1828f8e5bcb0ad88b89fe783c2973480695bb) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mtd-utils: upgrade 2.1.4 -> 2.1.5Alexander Kanavin2022-12-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Raw short log since the 2.1.4 release: Alex Henrie (1): mkfs.jffs2: fix spelling of --compression-mode parameter in help text Andrew Mellor (1): ubinfo: Fix --vol_id return code for absent volume id Christophe Kerello (1): nandflipbits: fix corrupted oob David Oberhollenzer (1): Release mtd-utils-2.1.5 Enrico Jorns (1): libmtd: do not ignore non-zero eraseblock size when MTD_NO_ERASE is set Frederic Germain (2): .gitignore: add new ubiscan utility Fix warning about unaligned pointer in jffs2reader Khem Raj (1): tests: Remove unused linux/fs.h header from includes Michael Walle (1): mtd-utils: flash_otp_dump make offset optional Mike Frysinger (1): fix test bashism Rafał Miłecki (1): nandwrite: warn about writing 0xff blocks Sascha Hauer (1): mtd-utils: nanddump: fix writing big images on 32bit machines liaohua (1): nor-utils: fix memory leak (From OE-Core rev: 7f2503ef132634431b28207c51b3fd18de076eb9) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit a3289c988764e5b864873b4adc7656c101a5b9c0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libical: upgrade 3.0.15 -> 3.0.16Alexander Kanavin2022-12-011-1/+1
| | | | | | | | | | | | | | | Version 3.0.16 is a patch release. - Fix regressions in 3.0.15 due to improperly tested fuzz fixes - Fix argument guards in icaltime_as_timet to match documentation and tests. (From OE-Core rev: 6d68985f1a7a55cda92c177c739e51cac3faf653) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 77d4557d6f6a1405d03bb5dc7ca23d7ee78c2037) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libffi: upgrade 3.4.2 -> 3.4.4Alexander Kanavin2022-12-013-10/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | 3.4.4 Oct-23-2022 Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). Fix x86 stdcall stack alignment. Fix x86 Windows msvc assembler compatibility. Fix moxie and or1k small structure args. 3.4.3 Sep-19-22 All struct args are passed by value, regardless of size, as per ABIs. Enable static trampolines for Cygwin. Add support for Loongson's LoongArch64 architecture. Fix x32 static trampolines. Fix 32-bit x86 stdcall stack corruption. Fix ILP32 aarch64 support. License-Update: copyright years (From OE-Core rev: 6ad074b1caff63e90805aac25cca8a831b57273d) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 5b42ba98ef26a52bad8de1790b402938fec4a160) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xwayland: upgrade 22.1.4 -> 22.1.5Wang Mingyu2022-12-011-1/+1
| | | | | | | | | | (From OE-Core rev: 9c1fc7e6c3d96f17f3eed2d8665dd6388ddcf1c5) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 48ca760427f14ae291bf2ebf6f93f8d0fb27e3ab) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xwayland: upgrade 22.1.3 -> 22.1.4Alexander Kanavin2022-12-011-1/+1
| | | | | | | | | | (From OE-Core rev: eafe1a235894790a28a8f951cff9ddc7913ba227) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 553c080e0e30c8f6b69b4c5fae72903ee45ef6ae) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: upgrade 20220913 -> 20221012Alexander Kanavin2022-12-011-3/+3
| | | | | | | | | | | | License-Update: copyright years, additional firmwares (From OE-Core rev: bb690da6ee765c40230f9919b012ceb51b9152ea) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 9f658c724b6635e5745f30b25601bcc51a004be4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2022-2880Sakib Sajal2022-12-012-0/+179
| | | | | | | | | | Backport patch to fix CVE-2022-2880. (From OE-Core rev: a38f8316fdd0c9fc6fc7af195973028370935ba3) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: fix CVE-2022-42919 local privilege escalation via the ↵Vivek Kumbhar2022-12-012-0/+71
| | | | | | | | | | | | multiprocessing forkserver start method Upstream-Status: Backport from https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2 (From OE-Core rev: 9ed7184930707c98afabca8c6b712df874ad659f) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: fix for CVE-2022-3965Narpat Mali2022-12-012-0/+109
| | | | | | | | | | | | | | | | | | | | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3965 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd (From OE-Core rev: c1f1ab29b5e2911a15b072e7feb0133320bad976) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: fix for CVE-2022-3964Narpat Mali2022-12-012-0/+91
| | | | | | | | | | | | | | | | | | | | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3964 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984 (From OE-Core rev: 40a1c9d3c839df6479582ac27264fac851a0d4c3) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: backport patch to fix CVE-2022-3715Xiangyu Chen2022-12-012-0/+34
| | | | | | | | | | CVE Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-3715 (From OE-Core rev: 69a52a564f45dafeb65a93a45d3db9c1d178526a) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Backport fix for CVE-2021-4156Martin Jansa2022-12-012-0/+30
| | | | | | | | | | CVE: CVE-2021-4156 (From OE-Core rev: 174e79299d815f0a7dbef0668dc488ce10e89d3d) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* common-tasks.rst: fix oeqa runtime test pathMikko Rapeli2022-12-011-5/+5
| | | | | | | | | | | | It's "runtime/cases" in master and kirkstone. If layer specific tests are in "runtime" directory, they will not be found. (From yocto-docs rev: 23dcf002eec5136427554112af8679fc2b98e61d) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wic: make ext2/3/4 images reproducibleSergei Zhmylev2022-11-241-5/+24
| | | | | | | | | | | | | | | | Ext2/3/4 FS contains not only mtime, but also ctime, atime and crtime. Currently, all the files are being added into the rootfs image using mkfs -d functionality which affects all the timestamps excluding mtime. This patch ensures these timestamps inside the FS image equal to the SOURCE_DATE_EPOCH if it is set. (From OE-Core rev: da2c64b3158c58eb0a484d3acbdf0419df2d34e8) Signed-off-by: Sergei Zhmylev <s.zhmylev@yadro.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 75d2dd0ea7790db2e8ee921784ca373abff2df65) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't changeRichard Purdie2022-11-241-0/+7
| | | | | | | | | | | | | | | | | | Currently if you switch machines, gcc-source do_deploy_source_date_epoch would re-run as the stamps are tune specific. This hasn't caused much of an issue until now, however if we fix the gcc recipes to reuse the timestamp from this task, it does then create problems. Copy code from allarch to ensure this task hash doesn't change between machines/tunes. (From OE-Core rev: 1511cb3bae2d6e2dad48269108e68967ae302efc) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 7e052d03464ba5e880a6c5a0e45ff2f467ef97e8) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-source: Drop gengtype manipulationRichard Purdie2022-11-241-2/+0
| | | | | | | | | | | | | | | | Whilst we patch gengtype.cc, we don't patch gengtype-lex.cc which would be the file which would trigger regeneration of files. The real bug that was likely the cause for this fix is probably SDE issues with gcc shared workdir so this code can now be dropped. (From OE-Core rev: 8a49626bb32b40a2cf97fd8b80564b494ae38698) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 7ab82b5db2a737c2a0266280b15d343a27c0e1d5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-source: Fix gengtypes raceRichard Purdie2022-11-241-1/+1
| | | | | | | | | | | | | | | | | | | | gcc renamed .c files to .cc files: https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=5c69acb32329d49e58c26fa41ae74229a52b9106 but we didn't fix this reference which meant we re-introduced a race around gengtypes-lex.c. This lead to the race reappearing on the autobuilder. Fix the naming to avoid the problem again. [YOCTO #14953] (From OE-Core rev: ac7d5ea832c880002fd466360294ffb357e9c56c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit dbca40ed399405b663dbc3894e35596a2615f47d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-shared-source: Fix source date epoch handlingRichard Purdie2022-11-241-0/+10
| | | | | | | | | | | | | | | | | | | | | | | The source date epoch for gcc isn't being transferred from the shared workdir to the current WORKDIR for the specific recipe. This results in the clamping code within sstate.bbclass using a value from 2011 which changes the timestamps of many files. Since this happens part way through the build, if pieces of gcc haven't built, or build/rebuild later, we see things rebuilding when they should not and for generated files, races are possible. Fix this by copying the SDE from the shared workdir into the recipe workdir. [YOCTO #14953] (From OE-Core rev: 0511f24264bcc27d6b61edd2e16f899c985eb8ad) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit b996293b4c8ab7ff3ed852045d17290df29205df) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIRDiego Sueiro2022-11-241-0/+16
| | | | | | | | | | | | | | | | When building with CONFIG_MODVERSIONS=y and CONFIG_RANDSTRUCT=y we need to copy the build assets generated for the randstrutc seed to STAGING_KERNEL_BUILDDIR, otherwise the out-of-tree modules build will generate those assets which will result in a different RANDSTRUCT_HASHED_SEED. (From OE-Core rev: d6cb9dce1ffb14f9db497e9bb0cb7265ea4064ec) Signed-off-by: Diego Sueiro <diego.sueiro@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit b36303158b2e0273ff415bdedefb379f680b30fc) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Consider PACKAGECONFIG in RRECOMMENDSNiko Mauno2022-11-241-2/+2
| | | | | | | | | | | | | | | Since RRECOMMENDS declaration implictly induces building the recipes that provide the runtime recommended packages, conditionalize adding such values according to associated PACKAGECONFIG settings in order to avoid redundant building. (From OE-Core rev: 41ecfff7a413fff178364d67c1bf96c8e6d31c30) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit a1989add927f7805378fe4d5afbde780b747ba77) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libuv: fixup SRC_URIKai Kang2022-11-241-1/+1
| | | | | | | | | | | | | | Add the trailing '.git' to git repo uri in SRC_URI then it could share source code repo on premirror with grpc which uses libuv as a git submodule with fixed revision. (From OE-Core rev: 8e5d2044ff27b54a8013fbf2ecf1cccd2cf76871) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit cecdf616e7cf192cdc723a446be1d14c197c980d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACKRichard Purdie2022-11-241-1/+1
| | | | | | | | | | | | | | | | | | | Whilst SDE definitely needs to be exported, the fallback does not as it is only used in our python code via the datastore. It was introduced as an export in 9a1dde74e794362399193dc3f81c9685a83d0776 but even then it doesn't look like it needed to be, likely just a copy and paste mistake. Drop the export. (From OE-Core rev: 7a1555a0f4223f8ca4485b410de91098301d5896) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 74fb6539dd06acb0dd6a9af4809152975e8473e6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* get_module_deps3.py: Check attribute '__file__'Leon Anavi2022-11-241-1/+1
| | | | | | | | | | | | | | | Check if the module object has attribute '__file__' to fix and avoid errors like: AttributeError: module '_abc' has no attribute '__file__'. Did you mean: '__name__'? (From OE-Core rev: 1684457df9fb7029a276df4438c8fc4a17e3e1e9) Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 8acce12c1a4cf37ac312c92d62a6ae93a349dddf) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Point hciattach bcm43xx firmware search path to /lib/firmwareMarek Vasut2022-11-241-0/+2
| | | | | | | | | | | | | | | Currently the hciattach bcm43xx firmware loader looks up the firmware blob in /etc/firmware . Change this to /lib/firmware instead, so that the path is consistent with Linux kernel which also looks up firmware for the WiFi part in /lib/firmware . (From OE-Core rev: 67f6fe7d2cfb95c9a39a0d288daabf69babf6f17) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 72b3b79ad8b980e8dd9470d16b72c2c70072bbc0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libffi: submit patch upstreamAlexander Kanavin2022-11-241-1/+1
| | | | | | | | | | | (From OE-Core rev: c8c8945ded40a36b42da4e95974cf76796c15cfb) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9555a7dc768c32a009333232e25cef041054b7f7) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-07-06 16:42:46 +0000