Overview of changes in 1.50.10, 16-09-2022
=========================================
- Avoid some unnecessary strdups
- Fix line height computations with a non-trivial CTM
(From OE-Core rev: 78dc0bf6384349c23a54f59d89988ad242125581)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 884ce27b9cee231e093fe53192d04133c437404e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Include fixes for CVE-2022-3352.
(From OE-Core rev: 9067e3a24bc5558af6a41f2c5e6f16c37116e3ed)
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The meson-wrapper adds setup options to facilitate cross-compilation.
The current options are exclusive to the setup sub-command and might
cause issues with other sub-commands.
Update the wrapper to make options sub-command specific.
(From OE-Core rev: 4475250ee0d83cc90322f2fcd9ec8df7c05b6903)
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7bcda141f2019862b4fb5d8dec7956cd8344b420)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE number in the patch is a typo. CVE-2022-2053 is not related to
libtiff. So fix it.
(From OE-Core rev: 3ef84008bf729f74f1244e8b57451cdeb3a9e262)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9f76ef859b0b4edb83ac098816b625f52c78173)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
Description:
CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
Affects "openssl < 3.0.6"
(From OE-Core rev: c28dc71f17133f6e4470fc0c1a552c743869b3ad)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2022-39253 in git meant file:// urls within submodules were disabled. Add
a parameter to the commands in the tests to allow this to continue to work.
(Bitbake rev: 209f7ba352b60722830157054e3fc56cb9c693eb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a test for special characters in user and password to qualify
decodeurl() inspired by a bug report describing that '=' signs in a
password was problematic.
Add a second test to qualify decodeurl() as related to the change in
commit 628c4bf6c89b [fetch2/__init__: handle @ in package names].
Relates to [YOCTO #14476]
(Bitbake rev: ee04cf09c7022168c035affa654773652a49793e)
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In the case where hashlib is not available, the try would fail and fall
through resulting in a backtrace on the usage of the 'sig'. The backtrace
itself was confusing and made it difficult to determine what went wrong.
Update the import to be in it's own try block with an appropriate
message to indicate what went wrong.
Note, the current version of ply all of this code has been restructured
so this is not applicable upstream.
Additionally, some versions of hashlib don't appear to implement the
second FIPS related argument. Detect this and support both versions.
(Bitbake rev: 484ab42f440070c0369b81f5c69da860fa47a798)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Inform the reader that there should be no need for spaces in the value
when using removal override `:remove`.
Considering why spaces are used in the other override operators, it
might seem obvious that they aren't needed for the removal operator.
But, it seems like I'm not the first to be confused about this.
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Cc: Ross Burton <ross.burton@arm.com>
Cc: Nicolas Dechesne <nicolas.dechesne@linaro.org>
(Bitbake rev: 0a493a772f83436cbe909de93c157f4ab2d2d136)
Signed-off-by: Johan Korsnes <johan.korsnes@remarkable.no>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In OE-Core d6b15d1e70b99185cf245d829ada5b6fb99ec1af,
"openssl: export necessary env vars in SDK", the value added for
SSL_CERT_FILE was in conflict with the value used elsewhere, such as
in buildtools. This makes them match and fixes buildtools testsdk
failures.
(From OE-Core rev: d40f7ddcfbdd5cb1d9f96271fefddf67e9044bb9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From yocto-docs rev: 8e0841c3418caa227c66a60327db09dfbe72054a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the fix from upstream to fix this CVE.
(From OE-Core rev: 59f69125fb00dc8fd335f32fe6898e7a480141e4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
create-spdx can't detect the license properly if the case doesn't
match, so fix it.
(From OE-Core rev: 9c87828493784d996910d742006268a626ef0130)
Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.
This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.
(From OE-Core rev: e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a access or creation timestamp has 0 microseconds, then the test
fails as it doesn't expect this to be a valid value. Expand a previous
fix for modification times to cover these timestamps too.
[ YOCTO #14373 ]
(From OE-Core rev: 15715e6ad81c97cd50e288f3745615eb19be90d1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In current SDK, when running the following command in python
shell, we get an error.
$ python3
>>> from cryptography.hazmat.backends import openssl
The error message is as below:
cryptography.exceptions.InternalError: Unknown OpenSSL error.
We could set OPENSSL_MODULES explicitly in nativesdk-openssl package
so that when SDK is set up, it's in environment and we can
get rid of the above error.
Also, there are other env vars that need to be exported. And we export
all of them to keep sync with openssl-native.bbclass.
(From OE-Core rev: d6b15d1e70b99185cf245d829ada5b6fb99ec1af)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Unless we're using systemd, dbus is not pulled into the system
automatically. Bluez5 will not work without dbus so add it to RDEPENDS
explicitly.
(From OE-Core rev: 377ef7009a8638efe688b6b61f67ae399eb1f23d)
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a new zlib release is made, the top-level URL is no longer available
and it is only available as a .gz under the /fossils/ directory.
When this happens the source fetch fails and bitbake noisily warns that
it is using the mirrors. Avoid this by using the .gz tarball and add
the /fossils/ directory to PREMIRRORS so fetches will check there too.
(From OE-Core rev: c67f71abc61afec701c50e4e7941128eb701fb0a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Support downloading crate files from a mirror at SOURCE_MIRROR_URL.
(From OE-Core rev: aebf4f183267a1e2f073078ade0ddc916ceed53f)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The change in commit e903b29f (gcc-cross: pass
-Werror=poison-system-directories to compiler stages) made it impossible
to disable the error using -Wno-error=poison-system-directories.
(From OE-Core rev: 1cb0245539f7d5277fae4e9abc7f2a0130d0caa8)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
perf has need for python setuptools when scripting is enabled
from 6.0.0 onwards it seems to throw an explicit error
(From OE-Core rev: da3d00178809bbf7cc453401e0c5937796ebc2c1)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add savedefconfig task which U-Boot supports (unfortunately not all
consumers of cml1 support this).
(From OE-Core rev: efc54f1f836651c8ef27a683a9e5d583c8ce87a6)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Splitting u-boot-configure.inc out of the base left duplicate
cml1.bbclass in the base include.
Fixes: fc9a17ad38 ("u-boot: Split do_configure logic into separate file")
(From OE-Core rev: 286f91f7659307bcdf0ba541b8d6b56db5604ceb)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some versions of hashlib don't appear to implement the second FIPS
related argument. Detect this and support both versions.
(From OE-Core rev: 2bbabed51e3aca138486d3feef640f5d3249be40)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
opkg-utils fetches using a cgit snapshot of a tag, which is not
reproducible as the tag could move, not reliable as a future dynamic
snapshot could have a different checksum, and a waste of CPU load as
these tarballs are built on demand.
Switch opkg-utils to use a proper git clone of the relevant SHA.
(From OE-Core rev: dafd2631a20ffd94e6f21c46938a010e92b57da4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise when the installation of recommended packages is prevented
(NO_RECOMMENDATIONS = "1"), then splash screen will not be cast.
(From OE-Core rev: 2a0928532b8303858980d6df6271669dbb69e224)
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
EFI has kernel features when need to be enabled for it to boot. Add the
existing kernel config fragment to the kernel config if this machine
feature is enabled.
(From OE-Core rev: 439f23eed94438494569f286b52e4f6c70ebac2f)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add pam to PACKAGECONFIG to make the code cleaner.
(From OE-Core rev: 4d0c566a79cf7c0b7c86eaa7c99aa185fcf37bb5)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The externalsrc class was moved to classes-recipe as part of oe-core
f5c1280, but it can be used in both recipe and global contexts so move
it back to classes/.
(From OE-Core rev: 7a2edcd4b7cb5a2d829289a11eff62663268fbf3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since the commit "populate_sdk_base/images: Drop use of 'meta' class and
hence do_build dependencies"[1], builds of images or SDKs don't
recursively depend on the top-level do_build target. This is typically
a good thing: images just depend on the packages themselves and those
dependencies already exist, but they don't need each recipes sysroot to
be populated.
However, eSDK generation is partly done via the script oe-check-sstate,
which does a 'dry-run' build of the target and collates all of the
sstate that is used. With this commit the sstate that is used is a
fraction of what would be needed in the SDK, specifically there are no
sysroots populated during the build, so there are no sysroots in the
SDK.
This is obviously a problem, as the entire point of an eSDK is to
contain a sysroot. Resolve this problem by forcing bitbake to run the
build task for all targets, so that all potentially needed sstate is
collated.
[YOCTO #14626]
[1] 41d7f1aa2c
Tested-by: Andrej Valek <andrej.valek@siemens.com>
(From OE-Core rev: 1b62344f919b5122f048b6409d09386d7d6dd3cd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The scriptutils import isn't used, there's no need to run bitbake
in a shell environment, and invoke bitbake as a list instead of a
string.
(From OE-Core rev: 663aa284adf312eb5c8a471e5dbff2634e87897d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since "package_manager: Change complementary package handling to not
include soft dependencies"[1], complementary packages don't pull in
recommendations, just depends. However, ptest.bbclass has a recommends
on ptest-runner, so if ptest packages are in an image via the ptest-pkgs
IMAGE_FEATURE, ptest-runner doesn't get installed.
[ YOCTO #14928 ]
[1] oe-core b44b0b9294675f89aa51ff84f532664f4c479677
(From OE-Core rev: ecff0642be5781f7f6cca617158b04ac9a0e85f0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Support installing buildtools-make-tarball that is built in version 4.1
and later for build hosts with a broken make version. Also update the
default version values to 4.1.
(From OE-Core rev: 5d539268d0c7b8fad1ba9352c7f2d4b81e78b75c)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ubuntu 21.10 is no longer updated by Canonical
and since 22.04 is available and supported, it's
no longer useful to test it and declare it as supported.
(From meta-yocto rev: 8f8bde4f5a9b37d3a93615c22b1896fd47973478)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds support for the Langdale (4.1) release and update the current
dev branch to Mickledore.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: 271ae164ba901acacaf2fc910db78246637994aa)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From yocto-docs rev: 99dac0ecc497d50be652a47c8a2ce8855975e360)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YOCTO #14508]
Reported-by: Quentin Schulz <foss@0leil.net>
(From yocto-docs rev: 664b658d9d23bb97b236bc0d09c9d3f118c582fc)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
--
Doing this to consistently replace any reference to a class
by the corresponding link. This is a bit trivial within the declaration
of a class, but helps making sure that this rule applies everywhere.
This helps for example to rename or remove classes from the
documentation.
See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14508
As this change is time consuming, submitting the first part of it
as an RFC, to double check there is an agreement on doing this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Use the Wikipedia naming scheme: WSL 2 instead of WSLv2
- Take into account Windows Server 2019 and 2022 which are
supported too.
- Improve some explanations
(From yocto-docs rev: 35c5fb01d3543ef5e1f4edf337a2ab080b4e7956)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Quentin Schulz <foss@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Clarfify the eSDK issue, and document the externalsrc issue.
(From yocto-docs rev: 25cbbe19c935293e0549d89b6716a0fae229113c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
