| Age | Commit message (Collapse) | Author |
|---|
|
With commit dc778c70449ee5401b5a24ad18b22b88338c47c5, dependency was
moved to openssl-bin which in itself was a fine change, but dropping
dependency on openssl too should have been kept along, dropping this
meant that openssl binary wont be able to validate secure connections as
the CApath files wont be installed, which infact are required for
openssl bins to work, following call e.g. fails
$ openssl s_client -connect google.com:443
....
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
....
The local issuer certs are not found in default location
/usr/lib/ssh-1.1/certs, this dir and its content is installed by openssl package
therefore re-add the dependency on openssl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eaf377315efc73d6ffe361372a873918b3bb3bf5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
* it doesn't listen on http and the redirect sometimes doesn't work
WARNING: iso-codes-4.6.0-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;, attempting MIRRORS if available
The protocol should be changed to https, like all other salsa.debian.org pulls are, so that it doesn't depend on mirrors.bbclass to resolve this.
meta/classes/mirrors.bbclass:git://salsa.debian.org/.* git://salsa.debian.org/PATH;protocol=https \n \
from log.do_fetch:
DEBUG: Fetcher accessed the network with the command LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress http://salsa.debian.org/iso-codes-team/iso-codes.git refs/*:refs/*
fatal: unable to access 'http://salsa.debian.org/iso-codes-team/iso-codes.git/': Couldn't connect to server
WARNING: Failed to fetch URL git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;, attempting MIRRORS if available
...
warning: redirecting to https://salsa.debian.org/iso-codes-team/iso-codes.git/
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 749eeb8cfaa8ffcfda29f3f06a77debaf6304288)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
We need to use CFLAGS with the correct WORKDIR in them, replace those
in the sysroot file with the ones appropriate to the current recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 45edf189961aff1858be9bb7b63116073c0a0c10)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The patch was submitted and merged upstream.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 871bce0703ca9d14e5c44f6ee0b66fcb13cfb630)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The LINGUAS file can be written by two different Makefile targets
and if they race, the desktop file contents isn't deterministic.
Fix the makfile to avoid this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 416bc7b697764075fbf73683cd8bddf36d839244)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Add a couple of configure options to avoid determism issues in the vim build.
This can happen due to the addition of glib-2.0 to the native sysroot through
later task additions to the sysroot through indirect dependencies.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 914f86054f5ea0a115767c1b3d9cdb4c4ef9545b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 375d13fcb362b48e57ba8851b03f2b72dd44da11)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Added below CVE:
CVE-2020-12825
Link: CVE-2020-12825 [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8cee7386c556e1c5adb07a0aee385642b7a5568)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Whitelisted below CVEs:
1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.
2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
0001-certdata2pem.py-use-python3.patch
removed since it is included in 20210119
(From OE-Core rev: afd86357e07f69090eaff4c5db2c517867dd4ccf)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f1c05e14840ce0db9a8ca813dca0466520888d8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
https://github.com/p11-glue/p11-kit/releases/tag/0.23.22
Release notes:
Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook
anchor: Prefer persistent format when storing anchor [#329]
common: Fix infloop in p11_path_build [#326, #327]
proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [#325]
common: Check for a NULL locale before freeing it [#321]
Build and test fixes [#313, #315, #317, #318, #319, #323, #330, #333, #334, #335, #338, #339]
https://github.com/p11-glue/p11-kit/commit/c4e75e10021ce86ab42682ea4936dce94ced2f77
patch to fix trailing newline using custom_target() caused error
with DISTRO_FEATURES api-documentation due to meson bugs, enable
manpages PACKAGECONFIG should prevent this error.
| warning: failed to load external entity "../version.xml"
| ../p11-kit-docs.xml:11: parser error : Failure to process entity version
| <releaseinfo>for p11-kit &version;</releaseinfo>
| ^
| ../p11-kit-docs.xml:11: parser error : Entity 'version' not defined
| <releaseinfo>for p11-kit &version;</releaseinfo>
| ^
| unable to parse ../p11-kit-docs.xml
(From OE-Core rev: b112ba291835061640123c13784e2b33cc73f17d)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59b07a71f32c84e592d66595a2a7e1ae9c7ebef8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This patch makes gcc produce broken code. It is unclear why it is there
in the first place. Drop it.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5f3cace37496fe1dc4fd045f688f7d441505c437)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport the CVE patches from upstream
https://github.com/curl/curl/commit/ec9cc725d598ac
https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7
https://github.com/curl/curl/commit/69a358f2186e04
https://github.com/curl/curl/commit/d9d01672785b.patch
0002-remove-void-protop-create-union-p.patch is added because the CVE-2020-8285 fix is
dependent on it.
CVE:
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46d837442ab216941df2d02f60c69155463e02d8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Support for gdbm was made optional in 3260ad9e, but it was still being
used unconditionally.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09d303ca295dc27874c72b30c37a64d1fdf4c5c0)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Upstream renamed master -> dev, update SRC_URI to match.
[YOCTO #14135]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3369aa0322693604533ef7d30dca234e52605fe2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
As per https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA this issue
is believed to be either iOS specific, or fixed in 3.8.9.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b781058267bd86bd979c50f4dfe8168c58dfa5a9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
libbsd contains a multitude of licenses. For (commercial) projects the
3rd clause of the BSD-4-Clause license can be problematic. But only a
few man pages use this license. This means that the main package
containing the binary library itself is not under BSD-4-Clause ruling.
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c3e3f83b5fb162d161a7b9773d426418a22c05f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The license headers are clear that the code is "or later", fix LICENSE
to match.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5f0b5cdfcb104ac50222a47652e090ad8770e49f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Although attr is licensed under LGPLv2.1 and GPLv2, LIC_FILES_CHKSUM
does not include license file of LGPLv2.1, COPYING.LGPL.
Signed-off-by: Akira Shibakawa <arabishi900@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Debug logs were only controlled by --debug flag while in --foreground mode.
In --daemon mode (the default for us) /var/log/message got stuffed with
details of entropy pool refilling, which is useless in production, and
hamful when log rotation then gets rid of the more useful logs.
This change makes the two modes consistently only produce debug logs when
--debug is specified.
Signed-off-by: Yann Dirson <yann@blade-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add some new libraries to the list (fiber, headers, type_erasure).
Move context/coroutine to the list instead of using overrides as it
builds everywhere I can test it.
Remove the mips16e override for wave as Boost fails so dramatically with
mips16e enabled that this isn't even close to a fix. Someone who cares
can fix this properly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's no need to specify an ancient GCC version here as Boost will
probe it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Boost is a huge unirepo made from multiple submodules. To bootstrap it we
need boost.build (previously bjam) which is also available as a solo
repository. This smaller repository can unpack/build/package faster than
the Boost unirepo can unpack.
Rename the recipe to the current name of Boost.Build that installs a b2
binary, use the solo repository, and update the Boost recipe to use
the b2 binary instead of bjam.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously this recipe was changed to do debug builds because otherwise insane
warns that the binary is already stripped.
However, debug builds for boost.build also pass -O0. It turns out that given
how large Boost is (or, how bad boost.build is) doing a release build with -O3
knocks a third off the walltime for a Boost package in my test, mainly by reducing
how long it spends deciding that nothing needs to be rebuilt in do_install:
PKG TASK ABSDIFF RELDIFF WALLTIME1 -> WALLTIME2
boost do_install -330.7s -69.2% 477.6s -> 146.9s
boost do_compile -7.1s -2.7% 269.3s -> 262.2s
Replace debug mode with INSANE_SKIP=already-stripped.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After debianutils upgrades to 4.11.1 in [1], there is no
4.11.1 source in the old debian snapshot. Update the snapshot
version to fix the gap.
[1] https://git.openembedded.org/openembedded-core/commit/?id=0c492a0768cd15ff40db35f459853e69c55f8cc6
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of manually creating and deleting build directories, follow the idioms
by setting B to WORKDIR/build, setting do_configure[cleandirs], and using ${B}
where appropriate.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The srcrev bump is actually bring single commit [1] on top of 2.4.0 which fixes ptest
runs with messges like
ERROR: Unable to detach from controlling tty, Inappropriate ioctl for device
[1] https://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/commit/?id=834670317bd3f6e427e1ac461c07ada6b8936dfd
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The official links on:
https://curl.haxx.se/download.html
use https now and we're seeing this warning:
WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if available
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes the following changes:
Version 159:
* Show "ordering differences only" in strings(1) output.
(Closes: reproducible-builds/diffoscope#216)
* Don't alias output from "os.path.splitext" to variables that we do not end
up using.
* Don't raise exceptions when cleaning up after a guestfs cleanup failure.
* Make "Command" subclass a new generic Operation class.
Version 160:
* Check that pgpdump is actually installed before attempting to run it.
Thanks to Gianfranco Costamagna (locutusofborg). (Closes: #969753)
* Add some documentation for the EXTERNAL_TOOLS dictionary.
* Ensure we check FALLBACK_FILE_EXTENSION_SUFFIX, otherwise we run pgpdump
against all files that are recognised by file(1) as "data".
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This addresses CVE-2020-25125 and provides some other minor
updates and translations.
Updated commits for reference:
e234d04c3 Werner Koch Release 2.2.23
aeb8272ca Werner Koch gpg: Fix AEAD preference list overflow
038314665 Werner Koch po: auto update
1a4b0fd79 Yuri Chornoivan po: Update Ukrainian translation
93d10403a Jakub Bogusz po: Update Polish translation
a8a8105bc Werner Koch po: Add key-check.c to the list of translatable sources.
cad9955ac Petr Pisar po: Update Czech translation.
896c528ba Werner Koch gpg: Fix segv importing certain keys.
0a9665187 NIIBE Yutaka scd: Fix a regression for OpenPGP card.
bcae9cd4e Nagy Ferenc László po: Minor update to the Hungarian translation.
d2fe2ffd7 Werner Koch sm: Fix a bug in the rfc2253 parser
f799b3ddb Werner Koch Post release updates
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand
the CVE_PRODUCT list to include all the vendors that have been used.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the CVE patch from the usptream:
https://gitlab.com/gnutls/gnutls.git
commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The primary Debian archive only contains tarballs which are currently
shipped in a release, so it's easy for a tarball we need to disappear.
Instead, point at snapshot.debian.org to ensure the link remains valid.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0003-build-Fix-cross-compiling-into-a-separate-build-dir.patch
0005-src-gen-lock-obj.sh-add-a-file.patch
Removed since these are included in 1.39
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-configure.ac-add-library-if-header-found.patch
0002-Wrap-pthread_atfork-usage-in-HAVE_PTHREAD_H.patch
Removed since these are included in 0.7.11
Refresh the following patch:
python.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Khem Raj
Martin Jansa
Richard Purdie
Alexander Kanavin
saloni
zhengruoqin
Lee Chee Yang
Mans Rullgard
Khairul Rohaizzat Jamaluddin
Changqing Li
Peter Kjellerstedt
Ross Burton
Mark Jonas
Akira Shibakawa
Yann Dirson
Ross Burton
Mingli Yu
Randy MacLeod
Pierre-Jean Texier
zangrc
Saul Wold
Zhixiong Chi
Joshua Watt