summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
Commit message (Collapse)AuthorAgeFilesLines
* iso-codes: fix protocol in SRC_URIMartin Jansa2021-03-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * it doesn't listen on http and the redirect sometimes doesn't work WARNING: iso-codes-4.6.0-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;, attempting MIRRORS if available The protocol should be changed to https, like all other salsa.debian.org pulls are, so that it doesn't depend on mirrors.bbclass to resolve this. meta/classes/mirrors.bbclass:git://salsa.debian.org/.*     git://salsa.debian.org/PATH;protocol=https \n \ from log.do_fetch: DEBUG: Fetcher accessed the network with the command LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress http://salsa.debian.org/iso-codes-team/iso-codes.git refs/*:refs/* fatal: unable to access 'http://salsa.debian.org/iso-codes-team/iso-codes.git/': Couldn't connect to server WARNING: Failed to fetch URL git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;, attempting MIRRORS if available ... warning: redirecting to https://salsa.debian.org/iso-codes-team/iso-codes.git/ (From OE-Core rev: c0a06ffdfc5fccee247e750413711cba237fb982) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 749eeb8cfaa8ffcfda29f3f06a77debaf6304288) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* apr-util: Fix CFLAGS used in buildRichard Purdie2021-03-281-0/+2
| | | | | | | | | | | | We need to use CFLAGS with the correct WORKDIR in them, replace those in the sysroot file with the ones appropriate to the current recipe. (From OE-Core rev: ca466a17fb18334f307e2241c65f25d024f0a164) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 45edf189961aff1858be9bb7b63116073c0a0c10) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libevdev: Update patch status to backportRichard Purdie2021-03-101-1/+2
| | | | | | | | | | | The patch was submitted and merged upstream. (From OE-Core rev: 4fd20fa9c49019b039c5e39d6ed5c9b67732ce15) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 871bce0703ca9d14e5c44f6ee0b66fcb13cfb630) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Fix a race over creation of the desktop filesRichard Purdie2021-02-262-0/+34
| | | | | | | | | | | | | | The LINGUAS file can be written by two different Makefile targets and if they race, the desktop file contents isn't deterministic. Fix the makfile to avoid this. (From OE-Core rev: 29286073251847eb9931e232b8ff5e4a71f5de5f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 416bc7b697764075fbf73683cd8bddf36d839244) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Improve determinismRichard Purdie2021-02-261-0/+2
| | | | | | | | | | | | | Add a couple of configure options to avoid determism issues in the vim build. This can happen due to the addition of glib-2.0 to the native sysroot through later task additions to the sysroot through indirect dependencies. (From OE-Core rev: d1ba11457ebfdbdc0b717b6c5798bb9930e71c88) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 914f86054f5ea0a115767c1b3d9cdb4c4ef9545b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gpgme: use python3targetconfigAlexander Kanavin2021-02-111-1/+1
| | | | | | | | | | (From OE-Core rev: 9a39776026f535f90f1f16e3de74e1eab83c47c1) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 375d13fcb362b48e57ba8851b03f2b72dd44da11) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcroco: Added CVEsaloni2021-02-112-0/+195
| | | | | | | | | | | | | | | Added below CVE: CVE-2020-12825 Link: CVE-2020-12825 [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8 (From OE-Core rev: 5fbf670ec5606f628758b433fe956134b7261dd7) Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f8cee7386c556e1c5adb07a0aee385642b7a5568) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: Whitelisted CVEssaloni2021-02-111-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Whitelisted below CVEs: 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433 CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted. 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted. (From OE-Core rev: 461579e032f0490e69cc20ff526a898618f057b2) Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: upgrade 20200601 -> 20210119zhengruoqin2021-02-052-39/+1
| | | | | | | | | | | | | | | 0001-certdata2pem.py-use-python3.patch removed since it is included in 20210119 (From OE-Core rev: afd86357e07f69090eaff4c5db2c517867dd4ccf) (From OE-Core rev: 5e86b849556e2801ec9124b5a4ad83180127b985) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3f1c05e14840ce0db9a8ca813dca0466520888d8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* p11-kit: upgrade 0.23.21 -> 0.23.22Lee Chee Yang2021-02-051-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/p11-glue/p11-kit/releases/tag/0.23.22 Release notes: Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook anchor: Prefer persistent format when storing anchor [#329] common: Fix infloop in p11_path_build [#326, #327] proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [#325] common: Check for a NULL locale before freeing it [#321] Build and test fixes [#313, #315, #317, #318, #319, #323, #330, #333, #334, #335, #338, #339] https://github.com/p11-glue/p11-kit/commit/c4e75e10021ce86ab42682ea4936dce94ced2f77 patch to fix trailing newline using custom_target() caused error with DISTRO_FEATURES api-documentation due to meson bugs, enable manpages PACKAGECONFIG should prevent this error. | warning: failed to load external entity "../version.xml" | ../p11-kit-docs.xml:11: parser error : Failure to process entity version | <releaseinfo>for p11-kit &version;</releaseinfo> | ^ | ../p11-kit-docs.xml:11: parser error : Entity 'version' not defined | <releaseinfo>for p11-kit &version;</releaseinfo> | ^ | unable to parse ../p11-kit-docs.xml (From OE-Core rev: b112ba291835061640123c13784e2b33cc73f17d) (From OE-Core rev: f500435958fd676a00757a64572f06f5cb16c251) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 59b07a71f32c84e592d66595a2a7e1ae9c7ebef8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: drop arm-intrinsics.patchMans Rullgard2021-01-272-56/+1
| | | | | | | | | | | | | This patch makes gcc produce broken code. It is unclear why it is there in the first place. Drop it. (From OE-Core rev: c6dac9e737b27dc0e2b02a75463b0eba4b9b01d0) Signed-off-by: Mans Rullgard <mans@mansr.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5f3cace37496fe1dc4fd045f688f7d441505c437) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE-2020-8284, CVE-2020-8285, CVE-2020-8286Khairul Rohaizzat Jamaluddin2021-01-185-0/+2211
| | | | | | | | | | | | | | | | | | | | | | Backport the CVE patches from upstream https://github.com/curl/curl/commit/ec9cc725d598ac https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7 https://github.com/curl/curl/commit/69a358f2186e04 https://github.com/curl/curl/commit/d9d01672785b.patch 0002-remove-void-protop-create-union-p.patch is added because the CVE-2020-8285 fix is dependent on it. CVE: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 (From OE-Core rev: f1a0ea55c0ae2cce7f7c3c6c73f57c5b8222c860) Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libexif: fix CVE-2020-0198; CVE-2020-0452Changqing Li2021-01-123-0/+107
| | | | | | | | | | (From OE-Core rev: debcb0c39876e97e819e454b1524c2f8b94b0ce3) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 46d837442ab216941df2d02f60c69155463e02d8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* apr-util: Only specify --with-dbm=gdbm if gdbm support is enabledPeter Kjellerstedt2021-01-041-3/+2
| | | | | | | | | | | | | Support for gdbm was made optional in 3260ad9e, but it was still being used unconditionally. (From OE-Core rev: a2eebe92daf0e0fb11422ea17f7029aeab2bcb9e) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 09d303ca295dc27874c72b30c37a64d1fdf4c5c0) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: Use the new branch naming from upstreamRichard Purdie2020-12-181-1/+1
| | | | | | | | | | | | | Upstream renamed master -> dev, update SRC_URI to match. [YOCTO #14135] (From OE-Core rev: e18c593d57864f30b62d05d38d2916f058787f5a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3369aa0322693604533ef7d30dca234e52605fe2) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: add CVE-2015-3717 to whitelistRoss Burton2020-12-031-0/+2
| | | | | | | | | | | | | As per https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA this issue is believed to be either iOS specific, or fixed in 3.8.9. (From OE-Core rev: 2b68dc373895c2e609a5841841960c57ea457e22) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b781058267bd86bd979c50f4dfe8168c58dfa5a9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: fix CVE-2020-26154Lee Chee Yang2020-11-292-0/+99
| | | | | | | | (From OE-Core rev: af85169a4dfb2fc4dc820409eb4a7756dc14e894) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libbsd: Remove BSD-4-Clause from main packageMark Jonas2020-11-201-1/+2
| | | | | | | | | | | | | | | libbsd contains a multitude of licenses. For (commercial) projects the 3rd clause of the BSD-4-Clause license can be problematic. But only a few man pages use this license. This means that the main package containing the binary library itself is not under BSD-4-Clause ruling. (From OE-Core rev: e822d8423fb836cc821b5c87d1b4f30477a313fd) Signed-off-by: Mark Jonas <toertel@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9c3e3f83b5fb162d161a7b9773d426418a22c05f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ptest-runner: Fix license as it contains 'or later' clauseRichard Purdie2020-11-201-1/+1
| | | | | | | | | | | | The license headers are clear that the code is "or later", fix LICENSE to match. (From OE-Core rev: daa16f56f1596fa2987499d6b48b98f5b7aedca2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5f0b5cdfcb104ac50222a47652e090ad8770e49f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost-build-native: fix upstream version checkAlexander Kanavin2020-10-201-0/+2
| | | | | | | (From OE-Core rev: 2a2238a04f79042a18f886dfbeb9d3af3fc8f12e) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: Fix build on 32-bit arches with 64bit time_t onlyKhem Raj2020-10-202-0/+55
| | | | | | | (From OE-Core rev: 7a218adf9990f5e18d0b6a33eb34091969f979c7) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* License-Update: attr: Add a missing file to LIC_FILES_CHKSUM.Akira Shibakawa2020-10-171-0/+1
| | | | | | | | | | Although attr is licensed under LGPLv2.1 and GPLv2, LIC_FILES_CHKSUM does not include license file of LGPLv2.1, COPYING.LGPL. (From OE-Core rev: 61e87573b6e56e73f0283bb20d38b8c9df659924) Signed-off-by: Akira Shibakawa <arabishi900@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: fix CVE-2020-25219Lee Chee Yang2020-10-172-0/+62
| | | | | | | (From OE-Core rev: 3b1701a8e6bbeb51d2415a7a361efdadaae29b0b) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rngd: fix --debug to also filter syslog() callsYann Dirson2020-10-102-0/+47
| | | | | | | | | | | | | | | Debug logs were only controlled by --debug flag while in --foreground mode. In --daemon mode (the default for us) /var/log/message got stuffed with details of entropy pool refilling, which is useless in production, and hamful when log rotation then gets rid of the more useful logs. This change makes the two modes consistently only produce debug logs when --debug is specified. (From OE-Core rev: 914526868656fd279b13ba8e4d721d27cb2a8792) Signed-off-by: Yann Dirson <yann@blade-group.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: consolidate and update library listRoss Burton2020-10-081-12/+6
| | | | | | | | | | | | | | | | Add some new libraries to the list (fiber, headers, type_erasure). Move context/coroutine to the list instead of using overrides as it builds everywhere I can test it. Remove the mips16e override for wave as Boost fails so dramatically with mips16e enabled that this isn't even close to a fix. Someone who cares can fix this properly. (From OE-Core rev: 092228f2df6869e31b157ea08766b3e94bee6e29) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: don't specify gcc versionRoss Burton2020-10-081-1/+1
| | | | | | | | | | There's no need to specify an ancient GCC version here as Boost will probe it. (From OE-Core rev: 2339bf5b0aceb8e55f4b38e44b2383389e514393) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: build a standalone boost.buildRoss Burton2020-10-083-22/+27
| | | | | | | | | | | | | | | | Boost is a huge unirepo made from multiple submodules. To bootstrap it we need boost.build (previously bjam) which is also available as a solo repository. This smaller repository can unpack/build/package faster than the Boost unirepo can unpack. Rename the recipe to the current name of Boost.Build that installs a b2 binary, use the solo repository, and update the Boost recipe to use the b2 binary instead of bjam. (From OE-Core rev: 76079f921e596125b0e281ca95e2394d7688aaf2) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bjam-native: don't do debug buildsRoss Burton2020-10-063-71/+4
| | | | | | | | | | | | | | | | | | | | | Previously this recipe was changed to do debug builds because otherwise insane warns that the binary is already stripped. However, debug builds for boost.build also pass -O0. It turns out that given how large Boost is (or, how bad boost.build is) doing a release build with -O3 knocks a third off the walltime for a Boost package in my test, mainly by reducing how long it spends deciding that nothing needs to be rebuilt in do_install: PKG TASK ABSDIFF RELDIFF WALLTIME1 -> WALLTIME2 boost do_install -330.7s -69.2% 477.6s -> 146.9s boost do_compile -7.1s -2.7% 269.3s -> 262.2s Replace debug mode with INSANE_SKIP=already-stripped. (From OE-Core rev: 66d583d1b2bc54cac278c30b5dbc9fde016eb6ee) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* debianutils: update the debian snapshot versionMingli Yu2020-09-301-1/+1
| | | | | | | | | | | | | After debianutils upgrades to 4.11.1 in [1], there is no 4.11.1 source in the old debian snapshot. Update the snapshot version to fix the gap. [1] https://git.openembedded.org/openembedded-core/commit/?id=0c492a0768cd15ff40db35f459853e69c55f8cc6 (From OE-Core rev: a58f69f854c28d61a8c74b8af75b80b8695f6198) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: move the build directory outside of SRoss Burton2020-09-301-3/+9
| | | | | | | | | | | Instead of manually creating and deleting build directories, follow the idioms by setting B to WORKDIR/build, setting do_configure[cleandirs], and using ${B} where appropriate. (From OE-Core rev: 6ee1b1e6d65214ab32030ee4b37997f8a9871f25) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ptest-runner: Backport patch to fix inappropriate ioctl errorKhem Raj2020-09-281-2/+2
| | | | | | | | | | | | | | The srcrev bump is actually bring single commit [1] on top of 2.4.0 which fixes ptest runs with messges like ERROR: Unable to detach from controlling tty, Inappropriate ioctl for device [1] https://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/commit/?id=834670317bd3f6e427e1ac461c07ada6b8936dfd (From OE-Core rev: 791da075619139fa55751f8013c73d2fbf0cf64c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Change SRC_URI from http to httpsRandy MacLeod2020-09-231-1/+1
| | | | | | | | | | | | The official links on: https://curl.haxx.se/download.html use https now and we're seeing this warning: WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if available (From OE-Core rev: 0aa24abf6c4d68efa63026d2496b6adc16734d35) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* diffoscope: upgrade 158 -> 160Pierre-Jean Texier2020-09-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This includes the following changes: Version 159: * Show "ordering differences only" in strings(1) output. (Closes: reproducible-builds/diffoscope#216) * Don't alias output from "os.path.splitext" to variables that we do not end up using. * Don't raise exceptions when cleaning up after a guestfs cleanup failure. * Make "Command" subclass a new generic Operation class. Version 160: * Check that pgpdump is actually installed before attempting to run it. Thanks to Gianfranco Costamagna (locutusofborg). (Closes: #969753) * Add some documentation for the EXTERNAL_TOOLS dictionary. * Ensure we check FALLBACK_FILE_EXTENSION_SUFFIX, otherwise we run pgpdump against all files that are recognised by file(1) as "data". (From OE-Core rev: 6433feb0705f969923d032cc289e7b210e11aa23) Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* at-spi2-core:upgrade 2.36.0 -> 2.36.1zangrc2020-09-121-2/+2
| | | | | | | (From OE-Core rev: 475c584e07612bfddc98f5a87ec5240c479fad54) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: uprev 2.2.22 -> 2.2.23Saul Wold2020-09-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This addresses CVE-2020-25125 and provides some other minor updates and translations. Updated commits for reference: e234d04c3 Werner Koch Release 2.2.23 aeb8272ca Werner Koch gpg: Fix AEAD preference list overflow 038314665 Werner Koch po: auto update 1a4b0fd79 Yuri Chornoivan po: Update Ukrainian translation 93d10403a Jakub Bogusz po: Update Polish translation a8a8105bc Werner Koch po: Add key-check.c to the list of translatable sources. cad9955ac Petr Pisar po: Update Czech translation. 896c528ba Werner Koch gpg: Fix segv importing certain keys. 0a9665187 NIIBE Yutaka scd: Fix a regression for OpenPGP card. bcae9cd4e Nagy Ferenc László po: Minor update to the Hungarian translation. d2fe2ffd7 Werner Koch sm: Fix a bug in the rfc2253 parser f799b3ddb Werner Koch Post release updates (From OE-Core rev: 965683336816eba7cb0548e59faf224f74b306b1) Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add vendors to CVE_PRODUCT to exclude false positivesRoss Burton2020-09-081-1/+3
| | | | | | | | | | To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used. (From OE-Core rev: bb265122cccea9466405fdd924ad10ce8cda0dec) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2020-24659Zhixiong Chi2020-09-082-0/+118
| | | | | | | | | | | Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a (From OE-Core rev: 84b1bc500e318657cb7a8a189b59cc63bc91dca3) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* debianutils: change SRC_URI to use snapshot.debian.orgRoss Burton2020-09-051-1/+1
| | | | | | | | | | | The primary Debian archive only contains tarballs which are currently shipped in a release, so it's easy for a tarball we need to disappear. Instead, point at snapshot.debian.org to ensure the link remains valid. (From OE-Core rev: ce48e7d72fc9b747f9c35191d1954a58544ccfe1) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: update 2.2.21 -> 2.2.22Alexander Kanavin2020-09-034-14/+12
| | | | | | | (From OE-Core rev: ad9f9fd5609c2014454c73045bc603c9883977e3) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* re2c: upgrade 2.0.2 -> 2.0.3Alexander Kanavin2020-09-031-1/+1
| | | | | | | (From OE-Core rev: e85e15929275491b94fa6566f663aa691c335edf) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* p11-kit: upgrade 0.23.20 -> 0.23.21Alexander Kanavin2020-09-031-1/+1
| | | | | | | (From OE-Core rev: 6e811db2f614500f16415fc09801f229968428e7) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libmpc: upgrade 1.1.0 -> 1.2.0Alexander Kanavin2020-09-031-2/+1
| | | | | | | (From OE-Core rev: db74ff03bc72236f7b72647708081bd9446de60f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* enchant2: upgrade 2.2.8 -> 2.2.9Alexander Kanavin2020-09-031-2/+1
| | | | | | | (From OE-Core rev: 1c6de77995be347b9c9c2c153172e4957e71bca9) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* debianutils: upgrade 4.11 -> 4.11.1Alexander Kanavin2020-09-031-1/+1
| | | | | | | (From OE-Core rev: 0c492a0768cd15ff40db35f459853e69c55f8cc6) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* diffoscope: upgrade 156 -> 158Joshua Watt2020-09-021-1/+1
| | | | | | | (From OE-Core rev: 017aff2bc127cad6c9d0f6feefc2e200a06efec2) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgpg-error:upgrade 1.38 -> 1.39zangrc2020-08-273-180/+1
| | | | | | | | | | | 0003-build-Fix-cross-compiling-into-a-separate-build-dir.patch 0005-src-gen-lock-obj.sh-add-a-file.patch Removed since these are included in 1.39 (From OE-Core rev: 73cc232e0f85b6f65403ba259770d8f85ccfd63f) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap-ng:upgrade 0.7.10 -> 0.7.11zangrc2020-08-276-70/+10
| | | | | | | | | | | | | | 0001-configure.ac-add-library-if-header-found.patch 0002-Wrap-pthread_atfork-usage-in-HAVE_PTHREAD_H.patch Removed since these are included in 0.7.11 Refresh the following patch: python.patch (From OE-Core rev: e883035f13ee86a63eaffe5ac55bf2ce20c5ba10) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap:upgrade 2.42 -> 2.43zangrc2020-08-271-1/+1
| | | | | | | (From OE-Core rev: 437f827e98ca6b98c978ae736b7340f213d057f3) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpsl: update 0.21.0 -> 0.21.1.Alexander Kanavin2020-08-253-83/+2
| | | | | | | (From OE-Core rev: f89396ccea48688c1ccc6ed29f3a119052fbcce5) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gpgme: update 1.13.1 -> 1.14.0Alexander Kanavin2020-08-252-9/+6
| | | | | | | (From OE-Core rev: c3ca89862b90a8e42eaa7e2e5acdf1d65a14a7bb) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-09 06:52:17 +0000