aboutsummaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* openssl-sys, spl-token-upgrade-cli: testsjansa/masterMartin Jansa4 days2-0/+775
| | | | | | * playing with cargo-bitbake Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* icecc: enable network in tasks only when ICECC_DISABLED isn't setMartin Jansa4 days1-4/+4
| | | | | | * this depends on bitbake-worker change to expand the network varFlag Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* staging.bbclass: process installed dependencies in deterministic order as wellMartin Jansa4 days1-1/+1
| | | | | | | | | | | | * similarly as direct dependencies before * this doesn't fix any issue (at least AFAIK), just keeps the log files more deterministic to avoid unnecessary churn like in: perl-native.log.do_configure: -NOTE: Installed into sysroot: ['zlib-native', 'make-native', 'perlcross-native', 'gdbm-native', 'xz-native', 'gettext-minimal-native', 'texinfo-dummy-native', 'libtool-native'] +NOTE: Installed into sysroot: ['zlib-native', 'make-native', 'perlcross-native', 'gdbm-native', 'libtool-native', 'gettext-minimal-native', 'texinfo-dummy-native', 'xz-native'] Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* report-error.bbclass: replace angle brackets with &lt; and &gt;Changqing Li4 days1-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | when we have below content in local.conf or auto.conf: BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>" send-error-report will fail with "HTTP Error 500: OK" error-report-web do rudimentary check on all fields that are passed to the graphs page to avoid any XSS happening, if contains '<', the server will return error(Invalid characters in json). fixed by use escape of <> to replace it. NOTE: with this change, error-report-web need to add filter 'safe' for the string wanted to display to avoid further HTML escaping prior to output. Below is how the content displayed on webpage: with the filter 'safe': BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>" without the filter 'safe': BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj &lt;raj.khem@gmail.com&gt;" Another patch for error-report-web will send to yocto mail list. [YOCTO #13252] Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* report-error: Allow to upload reports automaticallyMartin Jansa4 days2-3/+128
| | | | | | | * useful when distro wants to collect build statistics from all users/developers without any manual interaction from them Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* qemux86: Add identical qemux86copy variant for testsMartin Jansa4 days1-0/+3
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* bitbake.conf: introduce LINKER/BUILD_LINKER variablesMartin Jansa4 days1-2/+4
| | | | | | | | | | | | * makes it a bit easier to replace ld with ld.bfd or some other implementation in LD/BUILD_LD variables without changing this whole variable and without depending on ld-is-gold to set ld symlink to preferred implementation (or when we want to force different one for specific recipe, e.g. forcing bfd where gold fails, like in ltp) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* image*.bbclass, kernel*.bbclass: create versioned hard links instead of ↵Martin Jansa4 days9-51/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | version-less symlinks * We used to create the actual artifact files with some version in the filename and then created symlink without any version which was updated to point to the latest one created. In some scenarios it's useful to create all artifacts - typically rootfs and kernel images with the same version - like release build even when the kernel itself wasn't modified since the previous release. If we include the release version in the regular _NAME variables then we'll need to re-run do_deploy and do_image which will cause kernel to be rebuilt and image to be re-created even when the only change since last build was the version number. With this change we can re-use kernel and image from sstate when nothing was changed and run only very fast do_deploy_links task which just adds another hard link to existing artifact from sstate. * This is already used by various LGE builds as do_webos_deploy_fixup() https://github.com/webosose/meta-webosose/blob/master/meta-webos/classes/webos_deploy.bbclass but injecting this task in all the right places id difficult and sometimes requires whole bbclass to be duplicated. Having simpler way of versioning artifacts directly in oe-core might be useful for others. * move IMAGE_VERSION_SUFFIX from _NAME variables to _LINK_NAME that way e.g. kernel.do_deploy can be reused from sstate to provide "version-less" artifacts and then very fast do_deploy_links task just adds links with consistent suffixes (by default the version from the recipe but could be easily set to e.g. some release name when building some products). * create hard links instead of symlinks, so that whatever version the filename says is really there * some IMAGE_FSTYPES might need the "version-less" IMAGE_NAME file to be removed first or they might either append or update the content of the image instead of creating new image file from scratch - I have seen this only with one proprietary format we generate with our own tool, so hopefully this isn't very common * this is basically the mechanism are using in webOS with WEBOS_IMAGE_NAME_SUFFIX which is for official builds set from jenkins job and then all artifacts (images as well as corresponding kernel files) have the same version string) * without this, you can still easily set the variables to contain the version from jenkins job (excluded from sstate signature like DATETIME currently is to prevent rebuilding it everytime even when the content didn't change) but then when kernel is reused from sstate you can have version 1.0 used on kernel artifacts and 2.0 on image artifacts. * if you don't exclude the version string with vardepsexclude, then you get the right version in the filenames but for cost of re-executing do_deploy every single time, which with rm_work will cause all kernel tasks to be re-executed (together with everything which depends on it like external modules etc). * the implementation "from outside" is a bit tricky as shown in webOS OSE, because first you need to reverse the meaning of IMAGE_NAME and IMAGE_LINK_NAME like here, but also replace all symlinks with hardlinks and then adjust all recipes/bbclasses to depend on our do_deploy_fixup task instead of the original do_deploy see the variable modifications: https://github.com/webosose/meta-webosose/blob/a35e81622aae1066591e44a132d01297ff478248/meta-webos/conf/distro/include/webos.inc#L65 and then various bbclasses to hook do_webos_deploy_fixup task creating the hardlinks for possible artifacts: https://github.com/webosose/meta-webosose/blob/a35e81622aae1066591e44a132d01297ff478248/meta-webos/classes/webos_deploy.bbclass https://github.com/webosose/meta-webosose/blob/a35e81622aae1066591e44a132d01297ff478248/meta-webos/classes/kernel.bbclass https://github.com/webosose/meta-webosose/blob/a35e81622aae1066591e44a132d01297ff478248/meta-webos/classes/image.bbclass so hopefully with all these changes in oe-core other project can achieve the same just by setting one variable IMAGE_VERSION_SUFFIX * drop ${PKGE}-${PKGV}-${PR} from kernel artifacts names (this is the latest build) and add it only in hardlinks created in do_deploy_links so that we can use PKGR there again (because these links are generally used only by human operators and they don't have their own TASKHASH or the IMAGE_VERSION_SUFFIX might be set to some release name which they do understand * this allows to drop package_get_auto_pr from kernel do_deploy as well, leaving only 2 EXTENDPRAUTO bumps for each kernel build (do_package and do_deploy_links, unfortunatelly these will still have different value, so if you're looking for the exact kernel image in deploy directory based on kernel image package version seen on the device the EXTENDPRAUTO part of PR will be different). [YOCTO #12937] Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* images: respect IMAGE_NAME_SUFFIX also for *-testdata.json and ↵Martin Jansa4 days6-14/+17
| | | | | | | | | *-qemuboot.conf files * it might be cleaner to move these including the suffix into image-artifacts.bbclass Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* mesa: enable glvnd supportVincent Davis Jr5 days2-6/+15
| | | | | | | | | | Allows mesa to be built with glvnd support. Thus, creates libEGL_mesa.so* and libGLX_mesa.so* mesa(vendor) libraries meant to coexist with vendor neutral dispatch libraries from libglvnd. Signed-off-by: Vincent Davis Jr <vince@underview.tech> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* bitbake.conf: Simplify CACHE settingRichard Purdie5 days1-1/+1
| | | | | | | | | | | | | | | A long time ago the bitbake cache didn't use hashes in it's filename and hence values such as MACHINE were needed in the path to the cache file so that when switching MACHINE, a new cache wasn't always parsed. Times have moved on, we have a hash which represents the configuration and the caches are reused if there is an existing hash that matches. This means the values added to CACHE are obsolete and not needed, we can drop them. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* iputils: update to 20221126Petr Vorel5 days2-50/+6
| | | | | | | | | | This release removed: ninfod, rarpd, rdisc. Remove also related, not yet upstreamed patch. License-Update: ninfod, rarpd, rdisc and switch to SPDX identifier. Signed-off-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* selftest/runqemu: reenable the nfs rootfs testAlexander Kanavin5 days1-12/+2
| | | | | | | | | With the previous fixes the test can be run again, and it doesn't need all those extra steps. Runqemu takes care of everything automatically now. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* qemu-helper: depend on unfs3 and pseudo directlyAlexander Kanavin5 days2-2/+2
| | | | | | | | | The eliminates having to do extra steps (e.g. meta-ide-support) when booting an image with a nfs mount as rootfs - startng runqemu with a nfs mount starts to 'just work' after building an image. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* unfs: update 0.9.22 -> 0.10.0Alexander Kanavin5 days13-637/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the first release in 13 years; I have reviewed the accumulated patches, and dropped some of them where purpose or issue being fixed is not clear. Specifically: 0001-Add-listen-action-for-a-tcp-socket.patch 0001-daemon.c-Libtirpc-porting-fixes.patch fixed upstream in https://github.com/unfs3/unfs3/commit/84ab475f93c0af437ece21770617603c508dee8c 0001-attr-fix-utime-for-symlink.patch addresses an open issue in https://github.com/unfs3/unfs3/issues/4 please rebase and re-submit as a PR if the problem is still present. alternate_rpc_ports.patch unnecessary as of https://git.yoctoproject.org/poky/commit/?id=6bb9860ef7ba9c84fe9bd3a81aa6555f67ebd38e Command line options introduced by the patch no longer used anywhere. fix_compile_warning.patch merged upstream. fix_pid_race_parent_writes_child_pid.patch rebased and re-submitted upstream. no-yywrap.patch dropped as backport. relative_max_socket_path_len.patch needs to be re-submitted by the original author, purpose and reproducer scenario unclear. rename_fh_cache.patch merged upstream. tcp_no_delay.patch purpose and use case for oe unclear. unfs3_parallel_build.patch fixed upstream in https://github.com/unfs3/unfs3/commit/987d32ca12222aeb48d46b4e1c9d39bab38ad431 https://github.com/unfs3/unfs3/commit/a39a78995ca8c6f8dd22da93dd60b4a1f8d32728 Drop -N option from oeqa nfs helper and runqemu helper; the option was provided by tcp_no_delay.patch and is not needed for the tests or qemu. Drop ad hoc libtirpc support; upstream supports it directly now. Drop the check for portmap/rpcbind, it is unnecessary as of https://git.yoctoproject.org/poky/commit/?id=6bb9860ef7ba9c84fe9bd3a81aa6555f67ebd38e Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* u-boot: Add /boot in SYSROOT_DIRSFabre Sébastien5 days1-0/+1
| | | | | | | | To be able to use /boot files, like UBOOT_ENV_BINARY, in other recipes, like kernel-fitimage.bbclass. Signed-off-by: Fabre Sébastien <sebastien.fabre@actia.fr> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* libsdl2: update 2.24.2 -> 2.26.0Markus Volk6 days2-41/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - add PACKAGECONFIG for libdecor - add PACKAGECONFIG for pipewire - remove native patch, CMakeLists.txt has been reworked, still needed ? In addition to lots of bug fixes, here are the major changes in this release: General: Updated OpenGL headers to the latest API from The Khronos Group Inc. Added SDL_GetWindowSizeInPixels() to get the window size in pixels, which may differ from the window coordinate size for windows with high-DPI support Added simulated vsync synchronization for the software renderer Added the mouse position to SDL_MouseWheelEvent Added SDL_ResetHints() to reset all hints to their default values Added SDL_GetJoystickGUIDInfo() to get device information encoded in a joystick GUID Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360 to control whether the HIDAPI driver for XBox 360 controllers should be used Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_PLAYER_LED to control whether the player LEDs should be lit to indicate which player is associated with an Xbox 360 controller Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_WIRELESS to control whether the HIDAPI driver for XBox 360 wireless controllers should be used Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE to control whether the HIDAPI driver for XBox One controllers should be used Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE_HOME_LED to control the brightness of the XBox One guide button LED Added support for PS3 controllers to the HIDAPI driver, enabled by default on macOS, controlled by the SDL_HINT_JOYSTICK_HIDAPI_PS3 hint Added support for Nintendo Wii controllers to the HIDAPI driver, not enabled by default, controlled by the SDL_HINT_JOYSTICK_HIDAPI_WII hint Added the hint SDL_HINT_JOYSTICK_HIDAPI_WII_PLAYER_LED to control whether the player LED should be lit on the Nintendo Wii controllers Added the hint SDL_HINT_JOYSTICK_HIDAPI_VERTICAL_JOY_CONS to control whether Nintendo Switch Joy-Con controllers will be in vertical mode when using the HIDAPI driver Added access to the individual left and right gyro sensors of the combined Joy-Cons controller Added a microsecond timestamp to SDL_SensorEvent and SDL_ControllerSensorEvent, when the hardware provides that information Added SDL_SensorGetDataWithTimestamp() and SDL_GameControllerGetSensorDataWithTimestamp() to retrieve the last sensor data with the associated microsecond timestamp Added the hint SDL_HINT_HIDAPI_IGNORE_DEVICES to have the SDL HID API ignore specific devices SDL_GetRevision() now includes more information about the SDL build, including the git commit hash if available Windows: Added the hint SDL_HINT_MOUSE_RELATIVE_SYSTEM_SCALE to control whether the system mouse acceleration curve is used for relative mouse motion macOS: Implemented vsync synchronization on macOS 12 Linux: Added SDL_SetPrimarySelectionText(), SDL_GetPrimarySelectionText(), and SDL_HasPrimarySelectionText() to interact with the X11 primary selection clipboard Added the hint SDL_HINT_VIDEO_WAYLAND_EMULATE_MOUSE_WARP to control whether mouse pointer warp emulation is enabled under Wayland Android: Enabled IME soft keyboard input Added version checking to make sure the SDL Java and C code are compatible Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* tiff: Security fix for CVE-2022-3970Qiu, Zheng6 days2-0/+40
| | | | | | | | | | | | | | This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* gawk: update 5.1.1 -> 5.2.1Alexander Kanavin6 days3-11/+35
| | | | | | | | | | | | Place gawkbug into a separate package, as it includes target information which causes multilib conflicts. Adjust ptests so they are correctly executed: - unset LANG before starting - do not patch /usr/local/bin into /usr/bin; this is not correct Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* ell: upgrade 0.53 -> 0.54Markus Volk6 days1-1/+1
| | | | | | | iwd-2.0 will require ell 0.54 Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* kbd: Don't build testsOla x Nilsson6 days1-0/+1
| | | | | | | | | Add --disable-tests to EXTRA_OECONF as the tests are not usable in ptest - they can only run in-situ - and fails to build when building with -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64. Signed-off-by: Ola x Nilsson <olani@axis.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* valgrind: remove most hidden tests for arm64Qiu, Zheng6 days1-224/+3
| | | | | | | | | | | | | | | | | | | | | | | | An earlier version of valgrind fixed the defunct processes bug, so those tests that were skipped specifically for arm can pass now in master, kirkstone, honister, hardknott, and dunfell. Detailed test result with remove-for-aarch64 skipped on qemuarm64: Commit Pass Fail Skip master 624 9 21 kirkstone 618 10 20 honister 616 10 19 hardknott 609 13 18 dunfell 598 16 17 zeus Out of memory: Killed (with many defunct processes) There are now only 12 skipped by remove-for-aarch64 because 9 fail on qemuarm64 and 3 more fail on raspberry pi. These are tracked by: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14960 Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Randy MacLeod <randy.macleod@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* base: Drop do_package base definitionRichard Purdie6 days1-5/+1
| | | | | | | | | I can't see how anyone would be using this very old package function definition since package.bbclass is always inherited in modern OE. All it seems to do is waste CPU cycles. Drop it and it's associated EXPORT_FUNCTIONS entry. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* opkg: Set correct info_dir and status_file in opkg.confHarald Seiler6 days1-1/+3
| | | | | | | | | | | | | | | | | | | | Distros can customize the location of OPKG data using OPKGLIBDIR. In OE-Core commit 11f1956cf5d7 ("package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default"), a fix was applied to correctly set the info_dir and status_file options relative to OPKGLIBDIR. However, as the commit message notes, the opkg.conf file deployed as part of the opkg package must also be adjusted to correctly reflect the changed location. Otherwise, opkg running inside the image cannot find its data. Fix this by also setting the info_dir and status_file options in opkg.conf to the correct location relative to OPKGLIBDIR. Fixes: 11f1956cf5d7 ("package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default") Signed-off-by: Harald Seiler <hws@denx.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* psmisc: add selinux PACKAGECONFIGMingli Yu6 days1-0/+1
| | | | | | | | | | Add selinux PACKAGECONFIG logic in selinux layer[1] to conform to yocto compliance. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=31325005e4409e08b7f68eed44a9c4086453e4dd Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* cronie: add selinux PACKAGECONFIGMingli Yu6 days1-0/+1
| | | | | | | | | | Add selinux PACKAGECONFIG logic in selinux layer[1] to conform to yocto compliance. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=31325005e4409e08b7f68eed44a9c4086453e4dd Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* util-linux: add selinux PACKAGECONFIGMingli Yu6 days1-0/+1
| | | | | | | | | | Add selinux PACKAGECONFIG logic in selinux layer[1] to conform to yocto compliance. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=31325005e4409e08b7f68eed44a9c4086453e4dd Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* iproute2: add selinux PACKAGECONFIGMingli Yu6 days1-0/+1
| | | | | | | | | | Add selinux PACKAGECONFIG logic in selinux layer[1] to conform to yocto compliance. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=31325005e4409e08b7f68eed44a9c4086453e4dd Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* sudo: add selinux and audit PACKAGECONFIGMingli Yu6 days1-0/+2
| | | | | | | | | | Add selinux and audit PACKAGECONFIG logic in selinux layer[1] to conform to yocto compliance. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=31325005e4409e08b7f68eed44a9c4086453e4dd Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* man-db: update 2.10.2 -> 2.11.1Alexander Kanavin6 days1-4/+6
| | | | | | | | | | | | License-Update: upstream has clarified that the combined work is gpl3 due to use of gnulib. man-db's own pieces remain (l)gpl2 or later. https://salsa.debian.org/debian/man-db/-/commit/695a3560fdf91f829f21f00a502244b0cf28e29d https://salsa.debian.org/debian/man-db/-/blob/upstream/README.md#copyright-and-licensing Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* rsync: Delete pedantic errors re-ordering patchKhem Raj6 days2-45/+0
| | | | | | | | It has been fixed by removing the check upstream see https://github.com/WayneD/rsync/commit/9a3449a3980421f84ac55498ba565bc112b20d6c Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* ffmpeg: fix for CVE-2022-3965Narpat Mali6 days2-1/+111
| | | | | | | | | | | | | | | | | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3965 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* ffmpeg: fix for CVE-2022-3964Narpat Mali6 days2-1/+92
| | | | | | | | | | | | | | | | | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3964 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* webkitgtk: update 2.36.7 -> 2.38.2Alexander Kanavin6 days6-306/+40
| | | | | | | | | | | | | | | | | | | | Upstream has rewritten gobject introspection support, so the two related patches are ported to that: 0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch 0001-When-building-introspection-files-do-not-quote-CFLAG.patch The latter patch is also promoted from Inappropriate to Pending gtk-doc has been replaced with gi-docgen, accordingly 0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch is removed. Drop fix-gstreamer-include-paths.patch (backport) 0001-Fix-build-without-opengl-or-es.patch (upstream fixed the issue; follow the link in the patch for details) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* libpam: fix CVE-2022-28321Polampalli, Archana10 days2-0/+206
| | | | | | | | | | | | | | | | | | | | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. References: https://nvd.nist.gov/vuln/detail/CVE-2022-28321 Upstream patches: https://github.com/linux-pam/linux-pam/commit/08992030c56c940c0707ccbc442b1c325aa01e6d https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* python3: make tkinter available when enabledMingli Yu11 days2-0/+2
| | | | | | | | | | | | After Python upgrade to 3.11, it requires pkg-config to detect tcl and tk when configure tkinter, so add tcl depends to fix below error. | The necessary bits to build these optional modules were not found: | _tkinter Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* tcl: correct the header location in tcl.pcMingli Yu11 days1-8/+30
| | | | | | | | | | | | | | | | | The patch alter-includedir.patch previouly install the header to /usr/include/tcl8.6, but it doesn't reflect in tcl.pc and the header location still /usr/include in tcl.pc and result in the below configure failure for other packages such as python3 which depends on tcl and uses pkg-config to detect tcl. | conftest.c:161:16: fatal error: tcl.h: No such file or directory 161 | #include <tcl.h> So update alter-includedir.patch to correct the header location in tcl.pc to keep consistency. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* local.conf.sample: update bbclass locationsTrevor Woerner11 days1-2/+3
| | | | | | | | | | Update comments indicating where to find various bbclass files. fixes: f5c1280083 (classes: Update classes to match new bitbake class scope functionality, 2022-08-10) Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* sstate: show progress bar againEnrico Scholz12 days1-1/+5
| | | | | | | | | | | | | | | | Transition to ThreadPoolExecutor (eb6a6820928472ef194b963b606454e731f9486f) broke the | Checking sstate mirror object availability: ... progress bar because the removed 'thread_worker' was still referenced in an asynchronous function. As the result of the future is never read, the resulting backtrace is silently discarded. Replace the information given to 'ProcessProgress' by a counter. Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* vte: update 0.68.0 -> 0.70.1Alexander Kanavin12 days2-36/+4
| | | | | | | | | | Transition to gi-docgen from gtk-doc. Drop vala tweaks: gobject-introspection already does it correctly (with STAGING_LIBDIR included). Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* popt: update 1.18 -> 1.19Alexander Kanavin12 days4-75/+65
| | | | | | | | | | | | Patch is merged upstream. License-update: clarification https://github.com/rpm-software-management/popt/commit/dcec86df3cfc96d3dd3a3e9f7f1086b768d2d88f Backport a regression fix for gptfdisk. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* libgpg-error: update 1.45 -> 1.46Alexander Kanavin12 days3-11/+15
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* icu: update 71.1 -> 72-1Alexander Kanavin12 days1-9/+13
| | | | | | | Update the recipe to reflect the change in version separator. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* flac: update 1.4.0 -> 1.4.2Alexander Kanavin12 days1-6/+2
| | | | | | | | | License-Update: removed file, URL fix Remove options no longer supported upstream. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* xf86-input-mouse: update 1.9.3 -> 1.9.4Alexander Kanavin12 days1-2/+2
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* libhandy: update 1.6.3 -> 1.8.0Alexander Kanavin12 days1-2/+2
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* texinfo: update 6.8 -> 7.0Alexander Kanavin12 days6-11783/+36
| | | | | | | Drop the gigantic gnulib patch: no longer necessary \0/ Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* shadow: update 4.12.3 -> 4.13Alexander Kanavin12 days6-140/+7
| | | | | | | | | | | Drop 0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch (issue fixed upstream) 0001-shadow-use-relaxed-usernames.patch (merged upstream) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* quota: update 4.06 -> 4.09Alexander Kanavin12 days3-51/+15
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
* tcl: update 8.6.11 -> 8.6.12Alexander Kanavin12 days3-29/+50
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>