linux/meta-openembedded.git, branch styhead-nextMirror of git.openembedded.org/meta-openembeddedhttps://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead-next2025-02-25T13:45:21+00:00sip: Upgrade 6.8.3 -> 6.8.62025-02-25T13:45:21+00:00Leon Anavileon.anavi@konsulko.com2025-02-06T16:40:29+00:00urn:sha1:c93994f1bb601c57548b588d4f77a044d90822cf
After the migration from Mercurial to GitHub the homepage has
changed and SIP has been licensed under the BSD-2-Clause license
since Feb 9, 2024. Upgrade to version 6.8.6:
- Handle single number macOS deployment targets
- Support for architectures where `char` is unsigned
- Support for building from git archives
- Run the tests using the current Python version
The project has a proper pyproject.toml which declares the
setuptools.build.meta PEP-517 backend.
Fixes:
WARNING: sip-6.8.6-r0 do_check_backend: QA Issue: inherits
setuptools3 but has pyproject.toml with setuptools.build_meta,
use the correct class [pep517-backend]
Please note SIP version 6.8.6 is present for branch Scarthgap and
it is required for PyQt6 6.8 from layer meta-qt6 (branch 6.8).
The work was sponsored by GOVCERT.LU.
License-Update: SIP is licensed under the BSD-2-Clause license.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
licenses/MINPACK: Remove2025-02-25T13:45:21+00:00Peter Kjellerstedtpeter.kjellerstedt@axis.com2025-02-11T00:09:58+00:00urn:sha1:5864abec5fb9fcdae36b445d0ebf2b34d988a69b
The libeigen recipe, which was the only user of this license file, now
uses the Minpack license from OE-Core instead.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libeigen: Remove LGPL code2025-02-25T13:45:21+00:00Peter Kjellerstedtpeter.kjellerstedt@axis.com2025-02-11T00:09:57+00:00urn:sha1:ac2364b61cf55910943d368974e50659fcd5ee99
Since libeigen is a header-only library, LGPL effectively has the same
properties as GPL when it comes to affecting the licensing of the code
that uses libeigen. To avoid the problem, backport a patch to remove all
LGPL-2.1 code from the library.
Switch to using "Minpack" rather than "MINPACK" as license since the
former is the official SPDX name.
Also correct the licenses for ${PN}, ${PN}-dbg and ${PN}-dev to reflect
that they do not contain any GPL code (the GPL code is only used for
benchmark tests and does not affect what is installed).
License-Update: Correct the license information
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
lvm2: Remove a lingering reference to ${PN}-udevrules2025-02-25T13:45:21+00:00Peter Kjellerstedtpeter.kjellerstedt@axis.com2025-02-11T00:09:56+00:00urn:sha1:c3b6e20141c155c05ea32f052c4844cb6c2faf21
The lvm2-udevrules package has not actually been created since commit
5d54a52fbeb69dba7b8ae11db98af4813951fa61.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tbb: Re-enable hwloc support2025-02-25T13:45:21+00:00Peter Kjellerstedtpeter.kjellerstedt@axis.com2025-02-11T00:09:55+00:00urn:sha1:376903c60e4986e8f11b9dc4231086b931173733
The problem with using pkg-config to find hwloc when cross-compiling was
solved by upstream in 2021.13.0. However, the upgrade in commit
d8c5a72788ab0f2e36aee16e6d9e7555537366a5 missed that upstream defaults
to disabling searching for hwloc when cross-compiling.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ebtables: Remove the dependecy on bash2025-02-25T13:45:21+00:00Peter Kjellerstedtpeter.kjellerstedt@axis.com2025-02-11T00:09:54+00:00urn:sha1:ce59141da8a891706d55d580fe0ace42b8d4c07b
Rewrite ebtables-legacy-save to avoid using bashisms.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
lapack: fix buildpaths in ptest also when CBLAS is enabled2025-02-04T22:29:37+00:00Martin Jansamartin.jansa@gmail.com2025-01-27T08:54:14+00:00urn:sha1:6851cbf026088a13b2b45f684838d3dc4d7ccfdd
ERROR: lapack-3.12.0-r0 do_package_qa: QA Issue:
File /usr/lib/lapack/ptest/bin/xccblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xccblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xccblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat3 in package lapack-ptest contains reference to TMPDIR [buildpaths]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
lapack: add PACKAGECONFIG for cblas2025-02-04T22:29:37+00:00Martin Jansamartin.jansa@gmail.com2025-01-27T08:54:13+00:00urn:sha1:bcb97fcfcb8dfa96ed4f60936b747060f56d1503
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
audiofile: mark CVE-2020-18781 as patched2025-02-04T22:29:37+00:00Peter Markopeter.marko@siemens.com2025-01-17T19:33:21+00:00urn:sha1:35b9a267502abf00fee66e8f32477a5c2abab9c6
Per [1] this CVE is already patched by commit [2].
This can be also verified with yocto build.
Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted
Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.
[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68f55c158e15a5d35702ae5c730586001e487f86)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
vorbis-tools: patch CVE-2023-433612025-02-04T22:29:37+00:00Peter Markopeter.marko@siemens.com2025-01-17T18:26:43+00:00urn:sha1:c7d64c705976024bdb537a2cec33c9223777c0d8
This is inactive project, so no official CVE fix will be available
anymore. That however does not mean that there is no fix available.
Following tries to prove that patch provided here is valid.
NVD CVE report [1] links issue [2] where this is reported.
Based on the report, fix was proposed in [3].
There was some review however the patch autor was not active.
[4] was later created trying to adddress the comments, but the project
was not active anymore. In this PR the patch was shrunk to a one-liner
in discussion.
I have tested the poc and it is real.
The patch fixes it, while not breaking the execution if good file path
is provided as argument.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361
[2] https://github.com/xiph/vorbis-tools/issues/41
[3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
[4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 67d94fecb0dbd4f979b09a439c614ee4f01fc0c2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>