Age | Commit message (Collapse) | Author |
|
The libdevmapper recipe don't provide any package and is only
there to resolve circular dependencies [1].
We already have the libdevmapper PREFERRED_RPROVIDER but the native
it's missing.
Fixes:
| NOTE: Multiple providers are available for runtime libdevmapper-native (libdevmapper-native, lvm2-native)
| Consider defining a PREFERRED_RPROVIDER entry to match libdevmapper-native
[1] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/lvm2?id=3f64779eae2d8312f569bee863f90ec4f8176e6c
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When building this recipe, internal archives are compressed with
gzip. The compressed archives contain a header with the field
MTIME (Modification Time) which is initialized from the built
date. As a consequence, two builds of this recipe always generate
packages whose checksum differs.
Adding the -n option to gzip while compressing the archive does
not save the original time stamp by default hence making
reproducible package.
Signed-off-by: Jean-Marc BOUCHE <jean-marc.bouche@foss.st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport of commit f60e4bfcb ("terminus-font: build compressed archives
with -n")
Signed-off-by: Jean-Marc BOUCHE <jean-marc.bouche@foss.st.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
refreshed for 0.10.6
Changelog:
==========
* Fix CVE-2023-6004: Command injection using proxycommand
* Fix CVE-2023-48795: Potential downgrade attack using strict kex
* Fix CVE-2023-6918: Missing checks for return values of MD functions
* Fix ssh_send_issue_banner() for CMD(PowerShell)
* Avoid passing other events to callbacks when poll is called recursively (#202)
* Allow @ in usernames when parsing from URI composes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bea2e8c3053e7ecffb04adaaded54555f2afa0b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upgrade urgency SECURITY: See security fixes below.
Security fixes:
(CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5b34766daadf8f1e8ef3d55b24e0037c4d0727f5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is the latest stable release of the Samba 4.18 release series.
It contains the security-relevant bugfix CVE-2018-14628:
Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
allow read of object tombstones over LDAP
(Administrator action required!)
https://www.samba.org/samba/security/CVE-2018-14628.html
Release Notes:
https://www.samba.org/samba/history/samba-4.18.9.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f4c3c747d6df6015eb1231f2867ffe43ddb9620e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Refer https://www.postgresql.org/docs/release/15.5/
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bcedf9f99ca683764ef19ab008e042c82da616ff)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 466370a087534eded974a1eef2a4431dda6900b3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
===========
- Fix flickering while playing videos with DMA-BUF sink.
- Fix color picker being triggered in the inspector when typing "tan".
- Do not special case the "sans" font family name.
- Fix build failure with libxml2 version 2.12.0 due to an API change.
- Fix several crashes and rendering issues.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a474db2702c59702c414f4c8ed4487251f10df6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
==========
- Bump Safari version in user agent header.
- Fix CSP regression that broke Unity WebGL applications.
- Fix the build with GBM disabled.
- Fix several crashes and rendering issues.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 700e3a36fbc70ef7ecd5fa2bc820f0922df5a528)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 32bae13bb8b8edf6b4af12ee7057493101c5fb14)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove one patch as the logic is included in the new version [1] [2].
Upgrade mariadb to 10.11.6 [3].
[1] https://github.com/MariaDB/server/commit/f4cec369a392c8a6056207012992ad4a5639965a
[2] https://github.com/MariaDB/server/commit/cd5808eb8da13c5626d4bdeb452cef6ada29cb1d
[3] https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 702cf1dc114d7c65cde4fe1d3f19a3314fccb7ff)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
===========
https://nginx.org/en/CHANGES
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
Thanks to ZhenZhong Wu.
*) Bugfixes and improvements in HTTP/3.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc4bef4648ea5ff73230ff2d343f498c93bd333b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5be2e20157f3025f9e2370933267a56fd526c58e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The current SRCREV is not on any branch anymore, switch to the 1.12.4
branch HEAD which is similar and the only change is irrelevant.
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Branch "master" has been renamed to "main".
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Note that patch 0011-modules... is no longer needed as it's included in
the upgrade as well.
CVE: CVE-2023-43622
Signed-off-by: Dylan Turner <dylan.turner@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f0b5053410d5958e089351b93199efd3473d3de)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add patches fixing CVE CVE-2023-46752, CVE-2023-46753, CVE-2023-47234,
and CVE-2023-47235 to FRR 9.0.
Patch order is commit order, not CVE numerical order, to avoid fuzz /
need for rebasing of the patches.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46752
https://nvd.nist.gov/vuln/detail/CVE-2023-46753
https://nvd.nist.gov/vuln/detail/CVE-2023-47234
https://nvd.nist.gov/vuln/detail/CVE-2023-47235
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 00e928bcb7e933ada8e67f3bfa887988d1ca9d61)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 077489fda8f27336942457da1eaa022804f327c2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This recipe sets the product name used for CVE checking to
"http_server". However, the cve-check logic matches that name to all
products in the CVE database regardless of vendor. Currently, it is
matching to products from vendors other than apache. As a result,
CVE checking incorrectly reports CVEs for those vendors' products for
this package.
Signed-off-by: Jeffrey Pautler <jeffrey.pautler@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 51f70eaaa5973e385645f574093ee860f5648f88)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Due to the library file name change, the subpackage "geoslib"
does not get generated, and the main geos package has unsatisfied
dependencies.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 405ee461078cfed493bd6ca06f922860be5081d0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
GitHub has been redirecting for a while, so switch SRC_URI from
github.com/rhinstaller/libbytesize to
github.com/storaged-project/libbytesize instead without redirects.
Signed-off-by: Edi Feschiyan <edi.feschiyan@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 75bb23b3b03e225aa012be8bd5998223ae8f9b2f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
dnf-plugin-tui must work on nativesdk environment.
Now there's no warning when run the command "bitbake universe -c fetch".
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5211242d3f9d4a03cbe9e8af9beed4096a344958)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Take three CVE fixes from Fedora, as the upstream repository is now
dead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 458fd00233a73d75d43b21b86b1425d75947b154)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
python3-ninja is a build dependency for other python modules.
For this, python3-ninja must be built for native mode.
This partially reverts d4aa17dc436beb96a804860bc6d18cf72283709e
("meta-python: Drop broken BBCLASSEXTEND variants")
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9b5ee4b0b2bf1a2abb181983a960a3802bca688f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
python3-ninja is used as a build dependency by other modules.
For that, python3-ninja and all its dependencies must be built
in native mode.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0010c0c0553acb8a360b9743cec655950009d6b6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Error: Transaction test error:
file /usr/bin/h5cc conflicts between attempted installs of lib32-hdf5-1.14.2-r0.armv7ahf_neon and hdf5-1.14.2-r0.cortexa57
file /usr/bin/h5hlcc conflicts between attempted installs of lib32-hdf5-1.14.2-r0.armv7ahf_neon and hdf5-1.14.2-r0.cortexa57
The differences of h5cc are as follows:
@@ -44,7 +44,7 @@
exit $status
;;
*)
- /usr/bin/arm-pokymllib32-linux-gnueabi/arm-pokymllib32-linux-gnueabi-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5`
+ /usr/bin/aarch64-poky-linux/aarch64-poky-linux-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5`
status=$?
exit $status
;;
The differences of h5hlcc are as follows:
@@ -44,7 +44,7 @@
exit $status
;;
*)
- /usr/bin/arm-pokymllib32-linux-gnueabi/arm-pokymllib32-linux-gnueabi-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5_hl`
+ /usr/bin/aarch64-poky-linux/aarch64-poky-linux-clang $@ `pkg-config --define-variable=prefix=$dir --cflags --libs hdf5_hl`
status=$?
exit $status
;;
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fc7666e5bc01ddcdc16d9d3b838be5c35d84fda2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ca49f2025e65713811e73e894c60cb78be1ed34c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
License-Update: Added Apache2 linking exception
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 45ad525348569f8f5f694a88bb311dbf83998304)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 730a12716efce66263da55045eac69554c24bc1b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4cef1e68ea59510d85b778e11179a2dac47c658b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 240b95417e0c3dc6b9a22179c73ed318fee36419)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4f69d8c19880dc5e8d078c68206eebbc8781e49b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is 0.70 release with few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ace0d04688a5617cf05546a7b8ba6cca)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ae4e1e70a1493bb657190236122527130da93cb0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a05f5a41b5b112121d6d6ae09019217b6a7ed9d4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
OpenBMC enables SPDX SBOM generation by default. For Meta's Bletchley
platform we found that mdio-tools and its relationships with both
mdio-netlink and the mdio-netlink kernel module break SPDX processing
while generating the rootfs after a kernel bump. For example, the
following output was generated by `bitbake obmc-phosphor-image`:
ERROR: obmc-phosphor-image-1.0-r0 do_rootfs: Cannot find any SPDX file for document http://spdx.org/spdxdoc/kernel-module-mdio-netlink-6.5.4-da279e9-00089-gda279e98c07f-89187488-3164-50cb-94c5-8b76a30ea093
The error occurred after the following patch was applied (again, in the
context of OpenBMC):
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
index e6f98297c540..b852e993f0f6 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
@@ -1,6 +1,6 @@
KBRANCH ?= "dev-6.5"
-LINUX_VERSION ?= "6.5.4"
+LINUX_VERSION ?= "6.5.9"
-SRCREV="da279e98c07f9c948c60a434ab0043a55c26ea1d"
+SRCREV="fc8d4fdba5bd2b9b1cea2aa8a731531943c45aa7"
require linux-aspeed.inc
With the lack of a dependency the mdio-tools package is not rebuilt
subsequent to the kernel bump and the package information remains stale,
leading to an incorrect SPDX path being generated.
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 668cf43b21e27faa34b7c3c7133a480a9e4e480f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8ce73fefb0e05bf9177aed431578f17f1bb3cc5f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- add dependency on gnome-desktop and libsecret
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4eaf1b401823a41eb819aa8da49c76e0e160047b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
versioning patch when using lld only
This patch caused GNU linker to fail linking, therefore limit it to just
lld.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 22889b13f330e4753c5f72440abcfe42830f2f64)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 345ddd5f6d7db176446eebde14f6694ca818ce0d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c04e90d0989793ee2b5894761ff8c6ed50a0ff1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
a87e9069 Release 2023.7
98f1501c Merge pull request #3081 from jlebon/pr/log-selinux-refresh
bdac515a lib/deploy: Log SELinux policy refresh
4085eee9 Merge pull request #2843 from jmarrero/retry
4fb6e6f5 ostree-repo-pull: add options to configure retry behavior
b9e73a38 Merge pull request #3078 from HuijingHei/karg-delete-array
67160862 doc: add `ostree admin deploy` option `--karg-delete`
003cb99c karg-delete: support multiple times
d788c5b5 Merge pull request #3075 from cgwalters/reenable-composefs
5d92407b Merge pull request #3077 from cgwalters/debug-finalization-lock
ac69c707 deploy: Remove lock when re-staging
833251cb tests: Use ext4, re-enable composefs test
824ac1af Merge pull request #3074 from cgwalters/more-errcontext-composefs
e75c5c6e Merge pull request #3073 from cgwalters/context-no-stateroot
4a3e43c7 composefs: Add more error prefixing
265b7f9e deploy: Improve error message for nonexistent stateroot
3894fe2a Merge pull request #3062 from alexlarsson/transient-etc
f617a341 Support transient /etc
cd0fc9f4 Merge pull request #3072 from alexlarsson/fix-whiteout-test
334f53d7 Merge pull request #3063 from cgwalters/label-usretc-as-etc
397a1176 tests: Fix whiteout test
81c08746 repo: Add an option to label /usr/etc as /etc
6cce2e23 Merge pull request #3067 from cgwalters/ci-composefs
734ea3ee ci: Disable composefs test for now
2f76b030 ci: Ensure composefs+openssl are is enabled on Fedora
befd8443 Merge pull request #3060 from owtaylor/export-hardlinks
3b2fd6e9 When exporting, use hardlinks for duplicated files
8c25452c Merge pull request #3049 from jlebon/pr/revert-virtiofs-hack
2363de71 Merge pull request #3059 from cgwalters/zipl-default-s390x
b8ce61ba Revert "ci: Run cosa unprivileged"
c4dcfbae Merge pull request #3046 from ostreedev/dependabot/submodules/composefs-cca8be4
e3d93a85 repo: Default bootloader to zipl on s390x
ec7bc823 Merge pull request #3058 from cgwalters/doc-authenticated-repos
d4adb795 docs: Add authenticated-repos.md
13be0786 Merge pull request #3021 from cgwalters/insttest-composefs-binding
46b7821d Merge pull request #3053 from ericcurtin/add_overlay_and_erofs_to_initrd
cecb59dd boot/dracut: Add erofs and overlayfs kernel modules
372cbd7a tests: Add an integration test for composefs signatures
cd606aa6 Merge pull request #3051 from cgwalters/rust-tests-update
87c43678 Merge pull request #3052 from cgwalters/switch-libglnx-source
01a847a2 gitmodules: Use github GNOME mirror
e3291ccc tests: Rework detection of trivial-httpd
878d6016 Merge pull request #3047 from ostreedev/dependabot/submodules/libglnx-aff1eea
ff73bebc build(deps): bump libglnx from `54ad67d` to `aff1eea`
7916cfb6 build(deps): bump composefs from `af86742` to `cca8be4`
92d25eb5 Merge pull request #3039 from cgwalters/rust-switch-include
26dcd4f5 rust: Switch to using `include`
b7e39eba Merge pull request #2054 from jlebon/pr/static-delta-fetch-no-scan
cd116a1e lib/pull: Drop static delta superblocks references
2fe88f80 ci: Run cosa unprivileged
fc5aef6f lib/pull: Don't scan commit objects we fetch via deltas
c8ed1c7a lib/pull: Fix miscounting of missing metadata
3c2587b6 app/pull-local: Add `--disable-static-delta`
0ac87956 Merge pull request #3038 from cgwalters/rust-drop-composefs
6a948567 Merge pull request #3037 from cgwalters/add-labeler-flow
2db17d21 rust: Drop composefs from crate
749857df Merge pull request #3035 from cgwalters/release-rust
12996948 ci: Add an automatic labeler action
1714e837 Merge pull request #3030 from ostreedev/dependabot/submodules/composefs-af86742
e52530b5 rust/sys: Also bump semver for this
4d3621db build(deps): bump composefs from `d085fbf` to `af86742`
00c04aef Merge pull request #3028 from ostreedev/dependabot/submodules/composefs-d085fbf
b0e32811 Merge pull request #3029 from cgwalters/bump-glib
aee1ab2c rust: Bump semver to 0.19
cccc0f1a rust: Port to glib 0.18
b60036dd build(deps): bump composefs from `597a766` to `d085fbf`
5fe050f5 Merge pull request #3027 from cgwalters/drop-cap-std-public
9121297e ci: Move lints into main build
242a9015 rust: Bump rust-version = 1.70
eec67ec1 Drop cap-std from our public APIs
e93ebd73 Merge pull request #3018 from ostreedev/dependabot/submodules/composefs-597a766
8d838230 Merge pull request #3012 from cgwalters/default-early-prune
d5cfbed5 sysroot: Promote the "early prune" behavior to default
c0014e00 Merge pull request #2968 from cgwalters/drop-global-syncfs-by-default
d976ec56 Merge pull request #3024 from cgwalters/clang-analyzer-fixes-5
0d7b8ebc build(deps): bump composefs from `1aed878` to `597a766`
52dbed4d Merge pull request #3023 from ostreedev/dependabot/submodules/libglnx-54ad67d
4eb3caca commit: Quiet clang-analyzer warning
5e1b6983 keyfile-utils: Quiet a clang-analyzer warning
3001ef28 build(deps): bump libglnx from `c02eb59` to `54ad67d`
03a19888 Merge pull request #3020 from cgwalters/less-return-if-fail-1
5837f27f Merge pull request #3019 from cgwalters/more-analyzer-fixes-4
886f5800 mutable-tree: Change some `g_return_if_fail` to `g_assert()`
db4ca6e7 mutable-tree: Quiet clang-analyzer warning
d001729b Merge pull request #3017 from cgwalters/more-analyzer-fixes-3
6538b170 repo: Quiet clang-analyzer warning
369e4ddd commit: Quiet clang-analyzer warning
5fc9eac0 commit: Quiet clang-analyzer warning
bfb7482a lib/commit: Quiet clang-analyzer warning
ee8c13b1 lib/delta: Remove dead code
3acdbac0 Merge pull request #3016 from cgwalters/more-analyzer-fixes-2
89e13a95 Merge pull request #2994 from cgwalters/refactor-composefs-warnings
0beaf5c9 pull: Quiet clang-analyzer warning
e2779a7c commit: Quiet clang-analyzer warning
5b40d4bb pull: Add assertions to quiet clang-analyzer
0cfa5e86 lib/repo-finder: Squash memory leak
f8549a9e Merge pull request #3013 from cgwalters/more-analyzer-fixes
7c13631a Merge pull request #3006 from cgwalters/misc-c99-style-5
1a16a7d6 switchroot: Use g_new/g_free consistently
d3ede20b sign/ed25519: Fix two memory leaks
a87789e8 commit: Drop dead code
d36bf35c switchroot: Lower config parser to otcore, add unit tests
38880bff composefs: Hard error except on ENOENT even in "optional" case
e952b1bf prepare-root: Fold together composefs signature cases
1d316e31 prepare-root: Init composefs options earlier
aa9b7c3b prepare-root: Drop redundant print about signature/digest
4dd3cb35 Merge pull request #3005 from cgwalters/release
97d83e62 configure: post-release version bump
cce1814c cmd/show-remote-url: Port to C99 style
116fdc3c cmd/log: Port to C99 style
e578c019 cmd/export: Fold libarchive error handling
88334b8f cmd/export: Port to C99 style
fa69eaac deploy: Remove global `sync` by default
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62bbf5bd955b06c61335e530c96666f38818351a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upstream reference:
https://github.com/ostreedev/ostree/commit/7b85adfbbd97054e4b14ca4365c11fbadf97c70c
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6451e58cf0fde018a20668398264ff06f80fd4fb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upstream reference:
https://github.com/ostreedev/ostree/commit/0c36e8143d3c95d454b65c38f923cf71d08d5eb7
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1f8808c22a29a35eb183250267df1e1010979641)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
dab8051f Release 2023.6
bd91fda6 Merge pull request #3010 from cgwalters/more-composefs-fixes
3648c5ae build-sys: Really fix composefs check
db3b286d Merge pull request #3009 from cgwalters/c9s-ci
bcd4d026 Merge pull request #3007 from cgwalters/optin-new-bootloader-naming
33ef4ae6 build-sys: Look for both linux/mount.h and sys/mount.h
bd8339bd ci: Add c9s build
cbe36c3a Merge pull request #3008 from ostreedev/maybe_ostree
29423a89 prepare-root: If composefs is configured as "maybe" don't fail
02d41907 deploy: Add bootloader-naming-2 opt-init
fb06d59e Merge pull request #3003 from cgwalters/prepare-root-oscore-and-units
20b8cb17 Move prepare-root karg helpers into otcore, add unit tests
44519492 Merge pull request #2997 from cgwalters/test-cleanups-1
37f247da Merge pull request #2999 from cgwalters/add-oscore-units
aa8ad204 Merge pull request #3001 from cgwalters/misc-c99-style-4
75a43deb cmd/grub2-generate: Port to C99 style
767ca134 cmd/init: Port to C99 style
e3ef72ea Merge pull request #3000 from cgwalters/test-inst-update
6eeb8b56 Merge pull request #2995 from ostreedev/dependabot/submodules/composefs-1aed878
e751dd9a Merge pull request #2998 from cgwalters/disable-composefs-too-old
facb9a1a tests/inst: Update to latest ostree-ext
7c82340d Merge pull request #2975 from ostreedev/androidboot-single-slot-mode
e3f0c4d4 tests: Add otcore unit tests
90e54619 build-sys: Disable composefs on too-old Linux headers
6e9e50d8 prepare-root: Changes made to find_proc_cmdline_key
650a0537 prepare-root: On a non-A/B androidboot system, boot system slot a
16b97d8a Merge pull request #2996 from cgwalters/misc-c99-style-3
578c87e7 tests/destructive: Port more to xshell
8f302f2a cli/set-origin: Port to C99 style
69d7d837 build(deps): bump composefs from `a6e827d` to `1aed878`
ee1e585e Merge pull request #2993 from cgwalters/misc-c99-style-2
22b47781 checkout: Port to C99 style
f7786e75 Merge pull request #2990 from cgwalters/init-is-stateroot
27266f90 lzma: Port to C99 style
722fc2d0 Merge pull request #2991 from cgwalters/misc-c99-style
9f39f78e remote-add: Port to c99 style
9036c96a admin: Port to c99 style
f4e56b91 admin-deploy: Add `--stateroot` as alias for `--os`
9d5ccfef Add `ostree admin stateroot-init` as alias for `os-init`
9ac938c4 Merge pull request #2989 from cgwalters/lock-timeout-longer
f4b42049 Merge pull request #2973 from ostreedev/dependabot/submodules/composefs-a6e827d
e88ec69e repo: Bump lock timeout to 5 minutes
55121cc4 Merge pull request #2988 from cgwalters/prepare-root-binding-key
d648eea6 Merge pull request #2987 from cgwalters/prefix-stage-deploy
94cb37cb prepare-root: Minor clarifications
25a458b9 deploy: Add some error prefixing
8712a467 Merge pull request #2985 from cgwalters/cleanup-proc-cmdline
083bad8c Merge pull request #2984 from alexlarsson/prepare-root-no-raw-key
28aed49d switchroot,generator: Only read /proc/cmdline once
0a79b3b1 prepare-root: Only support base64 formated public key files
c94388f3 Merge pull request #2980 from cgwalters/prepare-root-minor
871d32a5 prepare-root: Use ptrarray, not linked list
678bfcd9 prepare-root: Check for empty string, not strlen > 0
bea5d897 prepare-root: Use declare-and-initialize
3620d3c7 Merge pull request #2979 from cgwalters/enabled-discussions
d324f684 Merge pull request #2974 from alexlarsson/composefs-config-file
f1c1f819 README.md: Drop dead mailing list, link to GH discussions
81fa2141 Read composefs configuration from initrd instead of commandline
2cc6b531 Merge pull request #2966 from cgwalters/ostree-admin-edit
b108e24c build(deps): bump composefs from `1704f82` to `a6e827d`
c57c0056 Merge pull request #2958 from cgwalters/deploy-loosen-etc-usretc
7f70614a Merge pull request #2969 from cgwalters/fix-sync-pthreads
a31f7798 Merge pull request #2967 from cgwalters/drop-trivial-httpd-entrypoint
402e0428 deploy: Fix mutex locking for global sync timeout
60b46556 More fully drop `trivial-httpd` entrypoint
3cd3251a Add `admin set-default`
09160c1a Merge pull request #2962 from cgwalters/os-init-remount
ac42e29d os-init: Create a mount namespace
113e575e Merge pull request #2963 from cgwalters/more-gfileinfo-fix
15cb0b47 composefs: Only call `_get_symlink_target()` on symlinks
f44909f8 Merge pull request #2960 from ostreedev/dependabot/submodules/libglnx-c02eb59
a16a14a6 build(deps): bump libglnx from `07e3e49` to `c02eb59`
fd968d59 Merge pull request #2957 from cgwalters/transaction-test-suppress-global-sync
0406fd39 deploy: Support an empty `/etc` and populated `/usr/etc`
6470429b tests/destructive: Turn off global sync()
a2663e80 Merge pull request #2956 from cgwalters/finalize-more-verbose
3d881fee deploy: Be way more verbose about what we're doing
1aed5d7c Merge pull request #2954 from cgwalters/harden-gvariant-get-data
5b372596 checksum-utils: Add an assertion that `buf != NULL`
0392b546 core, switchroot: Harden a bit against `g_variant_get_data() == NULL`
d7d66121 Merge pull request #2953 from samcday/patch-1
66e42553 Merge pull request #2930 from cgwalters/prepare-root-config3
b5397887 docs: update boot loader spec link
af52a88d Merge pull request #2952 from cgwalters/silence-variant-lookup
13e7ae90 tree-wide: Consistently `(void)g_variant_lookup()`
34656260 prepare-root: Don't parse target root when composefs enabled
83d37d6d prepare-root: Default sysroot.readonly=true if composefs
22b8e4f9 prepare-root: Introduce `ostree/prepare-root.conf`
250c40a6 Merge pull request #2948 from cgwalters/composefs-more-cleanups
3f594b04 Merge pull request #2951 from cgwalters/errprefix-sysroot
5e2eedee Merge pull request #2949 from cgwalters/kargs-cleanup
cf525ee6 repo: Clarify when we fail to parse a remote
70d790ab sysroot: Add a bit more error prefixing
82da0e16 Merge pull request #2950 from cgwalters/generator-cleanup
d7fe9e54 kernel-args: Move private functions out of public header
303e7eb2 src/generator: Move all logic into libostree-1.so
ec1109c7 generator: Stop creating `/run/ostree-booted`
64afbcde composefs: Use lowerdir in /run
4c0e5b1e Merge pull request #2942 from ostreedev/android-bootloader-parsing
a035c2e2 Merge pull request #2946 from cgwalters/add-inode-fix-feature
8ce7bbe1 Add an always-on `inode64` feature
c89baaed bootloader: fold all Android Bootloader specific logic into prepare-root
55936165 Merge pull request #2943 from cgwalters/mount-cleanup
253e7758 Merge pull request #2944 from cgwalters/prepare-root-more-cleanup
e61226a8 prepare-root: Drop more dead code
41cda3bd prepare-root: Drop code mounting `/proc`
b258375f Merge pull request #2938 from cgwalters/dedup-ostree-parsing
b548ff74 Merge pull request #2939 from cgwalters/ed25519-cleanups
6966979c generator: Deduplicate ostree= karg parsing
fc303da6 sign-ed25519: Don't set sk unless we've validated it
3a18a557 sign-ed25519: Add some comments for data structure
fb40e559 sign-ed25519: More verbose errors for invalid length
1a2fac37 tests: Remove dead references to "SEED"
1c0fd7d4 Merge pull request #2937 from ericcurtin/ostree2androidboot.slot_suffix
355cd727 Remove steal_pointer and steal_pointer_impl as we link in glib now
a6f0a571 android-boot: Remove dependency on ostree= karg, use androidboot.slot_suffix=
27a9fe30 Merge pull request #2936 from cgwalters/sign-from-file
7bbe13ca Merge pull request #2931 from cgwalters/prepare-root-man
de81a7e7 Merge pull request #2929 from cgwalters/prepare-root-drop-pivot
8302a8ad Merge pull request #2927 from cgwalters/sysroot-errprefix-bootlinks
845d68d1 Merge pull request #2935 from cgwalters/prepare-root-config4
82d93491 commit: Add `--sign-from-file`
d4ca834b prepare-root: Refactor composefs config handling
18d6f597 Merge pull request #2934 from cgwalters/enable-composefs-default
592351d1 build-sys: Enable composefs at *build time* by default
3d29f89c Merge pull request #2928 from cgwalters/prepare-root-config
c1ac6bc3 Merge pull request #2932 from cgwalters/aboot-fix-nullderef
c078e8be mount: Fix gcc -fanalyzer warning for parsing androidboot.slot_suffix
c4f1d18a Merge pull request #2920 from ostreedev/dependabot/submodules/composefs-1704f82
1e4cb30c man: Add ostree-prepare-root
0eda15ce Use /run/ostree-booted metadata for sysroot-ro state passing
79806a68 prepare-root: Drop dead `pivot_root` code
b8d66964 remount: Use new metadata in `/run/ostree-booted` for composefs
77acad24 remount: Don't overwrite /run/ostree-booted
93699cc5 prepare-root: Add metadata for composefs to `/run/ostree-booted`
bafb5512 prepare-root: Use constant for ed25519 signature
6cdc5ce5 Merge pull request #2926 from cgwalters/otcore-cfs-constants
6769d66d sysroot: Add some error prefixing for bootversion
18cc4472 prepare-root: Drop unused verity flag querying
2b738a99 prepare-root: Use otutil and g_print
1b7b4fbd Add an internal constant for the composefs image name
c0c2c9bd Merge pull request #2924 from cgwalters/drop-syntax-check
65912106 build: Drop `make syntax-check`
57fe33f0 Merge pull request #2921 from alexlarsson/composefs-sign-v2
c29f4193 ostree-prepare-root: Validate ed25519 signatures when requested
b8ff2109 Factor out a libotcore
265cf7d7 build-sys: Add libsodium to OT_DEP_CRYPTO
a6d9c714 Merge pull request #2922 from alexlarsson/openssl-ed25519
744967a6 libotutil: Link to crypto libs
474c2b10 CI: Enable --with-crypto=openssl on debian testing to test openssl signatures
7b85adfb sign-ed25519: Implement sign and verify using openssl
501575c1 sign-ed25519: Drop some uses of libsodium
5b727751 Merge pull request #2923 from alexlarsson/fix-composefs-test
62e4f376 tests: Fix composefs test
eb011120 show: Add --print-hex
6056ec13 Merge pull request #2913 from cgwalters/tmpfile-not-on-revokefs
8a4a0c16 build(deps): bump composefs from `ac729b5` to `1704f82`
43fb2787 Merge pull request #2918 from ostreedev/dependabot/submodules/composefs-ac729b5
25120bd7 Merge pull request #2912 from cgwalters/itest-transactionality-debug
61720180 Merge pull request #1633 from cgwalters/pkglibexec-tests
ba9c9ded fetcher: Always open tmpfiles in repo (except on FUSE)
9104c54f Merge pull request #2905 from cgwalters/prepare-root-static-split
01be14e6 build(deps): bump composefs from `412cb5e` to `ac729b5`
0c36e814 Drop "ostree trivial-httpd" CLI, move to tests directory
8ad8a79c Merge pull request #2916 from cgwalters/release
b2cfee72 Merge pull request #2914 from cgwalters/doc-usergroups
5aadb6ec configure: post-release version bump
875915f6 prepare-root: Link to glib
d6799ecc Separate prepare-root static path
786e64ce docs: Update user and group section
8bba482b tests: Enable mtime test
0b519c25 tests: Drop unused alias
54c73155 tests/transactionality: Port a bit to xshell
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fadf647d3ec0d3b948841defa5574b60ba223310)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1de085a7165621ea1e3d05bab7ee4e29aea46ff9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Support for building from native was removed in commit e1b332f2e
(meta-networking: Drop broken BBCLASSEXTEND variants), most likely due
to no support for building libwebsockets-native. That support has now
been added, so it is now possible to build mosquitto-native again.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ad27cdd560fe9947a0e0f822d6a71bac5d2e4a7e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is needed to be able to build mosquitto-native.
The dependency on libcap when building for native is needed because
cmake will pick up the existence of libcap from the host, but then the
build fails if it is not available in the sysroot. Unfortunately, there
does not seem to be any way to explicitly tell cmake to not build with
libcap.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c083e0569ad80d11b4f5cfdfa89acdd4264d8152)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/blob/1.22.0/NEWS
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 722720eaebd591fef20961d5ef05ef610328a2a9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changelog:
https://gitlab.freedesktop.org/mobile-broadband/libmbim/-/blob/1.30.0/NEWS
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6ce524d7b0f3c9e7705d2135e26c950d6f99dbfd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|