Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=5.2_M2 2022-04-15T16:30:34+00:00 2022-04-15T16:30:34+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2022-04-15T11:19:31+00:00 urn:sha1:0674ae7bc46ebfa90c55bbedec6b22dc5f48dacf This includes a fix for CVE-2022-24765 (From OE-Core rev: a17dc42d82b12d7f891c903a02a0302b31829c88) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-04-13T15:52:24+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2022-04-12T10:21:13+00:00 urn:sha1:c362c7feef27db0ba4307d6a43987ecca2dab81c Everyone I've talked to doesn't see this as a major issue. The CVE asks for a documentation improvement on the --mirror option to git clone as deleted content could be leaked into a mirror. For OE's general users/use cases, we wouldn't build or ship docs so this wouldn't affect us. (From OE-Core rev: 5dfe2dd5482c9a446f8e722fe51903d205e6770d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-03-31T16:52:58+00:00 Rasmus Villemoes rasmus.villemoes@prevas.dk 2022-03-30T10:46:15+00:00 urn:sha1:767a6fb13336afad00da693d4364e06d8b478da3 It can be useful to use git on target (e.g. with some wrapper like etckeeper for keeping track of changes to /etc), and for such cases, it is likely one has no need for pulling from/pushing to http[s] repositories. From the INSTALL file: - "libcurl" library ... If you do not use http:// or https:// repositories, and do not want to put patches into an IMAP mailbox, you do not have to have them (use NO_CURL). - "expat" library; git-http-push uses it for remote lock management over DAV. Similar to "curl" above, this is optional (with NO_EXPAT). Setting --without-expat and --without-curl reduces the size of the installed "git" package from 18M to 12M, in addition to avoiding pulling those libraries into the rootfs. (From OE-Core rev: 49f81198c5d233a9a2612c3b8366681dd85bea59) Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-02-20T16:45:25+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2022-02-18T17:15:36+00:00 urn:sha1:b0130fcf91daee0d905af755302fabe608da141c An automated conversion using scripts/contrib/convert-spdx-licenses.py to convert to use the standard SPDX license identifiers. Two recipes in meta-selftest were not converted as they're that way specifically for testing. A change in linux-firmware was also skipped and may need a more manual tweak. (From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-02-08T14:20:18+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-02-07T09:16:21+00:00 urn:sha1:a7f7161ff4c681796ddc0d3bab40d92994e8f447 (From OE-Core rev: edeb2a1a4cfd16706da6815af198d133a94b5ac6) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-02-03T09:05:14+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-02-02T18:27:34+00:00 urn:sha1:f67ec4ff8b75ef4fde800a38672bc9a2ffdcd4a4 (From OE-Core rev: 278efd24b2d15a2ab666d3f255e18768d3bc7709) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>