subtree updates
meta-openembedded: 0e3f5e5201..491b7592f4:
Alexander Kanavin (1):
libadwaita: move recipe to oe-core
Andrej Valek (1):
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
Archana Polampalli (1):
yasm: fix CVE-2023-31975
Chase Qi (1):
meta-python: add python3-telnetlib3 package
Chen Qi (3):
iperf3: remove incorrect CVE_PRODUCT setting
open-vm-tools: add CVE_PRODUCT
grpc: fix CVE-2023-32732
Chi Xu (1):
lapack: Add ptest support
Chris Dimich (1):
image_types_sparse: Fix syntax error
Christian Hohnstaedt (1):
android-tools: fix QA warning about buildpaths
Christophe Vu-Brugier (2):
libnvme: add recipe
nvme-cli: upgrade 1.13 -> 2.5
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.19 -> 0.0.20
Gianfranco Costamagna (3):
vbxguestdrivers: upgrade 7.0.8 -> 7.0.10
dlt-daemon: Add patch to fix build with googletest 1.13
gpsd: make sure gps-utils-python runtime-depends on python3-pyserial
JD Schroeder (2):
radvd: Fix groupname gid change warning
cyrus-sasl: Fix groupname gid change warning
Jan Vermaete (1):
openh264: version bump 2.1.1 -> 2.3.1
Jasper Orschulko (1):
yaml-cpp: Fix cmake export
Khem Raj (9):
openwsman: Link with -lm to get floor() definition
portaudio-v19: Update to latest tip of trunk
python3-pyaudio: Fix cross builds
poco: Fix ptests
pcmciautils: Pass LD=CC via Make cmdline
ply: Pass LD via environment to configure
sip: upgrade 6.7.10 -> 6.7.11
nodejs: Upgrade to 18.17.0
python3-m2crypto: Remove __pycache__ files
Marek Vasut (1):
libiio: update to version 0.25
Markus Volk (9):
pipewire: update 0.3.73 -> 0.3.75
libcamera: update 0.0.5 -> 0.1.0
webkitgtk3: add recipe
geary: update 43.0 -> 44.0
webkitgtk3: upgrade 2.40.2 -> 2.40.5
fuse3: update 3.14.1 -> 3.15.1
pipewire: update 0.3.75 -> 0.3.77
pipewire: add support for liblc3
gnome-software: update 44.3 -> 44.4
Martin Jansa (4):
libtommath: add recipe for LibTomMath used by dropbear
libtomcrypt: backport a fix for CVE-2019-17362
libtomcrypt: add PACKAGECONFIG for ltm enabled by default
dlm: Do not use -fcf-protection=full on aarch64 platforms
Michael Opdenacker (7):
remove unused AUTHOR variable
remove unused AUTHOR variable
remove unused AUTHOR variable
remove unused AUTHOR variable
remove unused AUTHOR variable
remove unused AUTHOR variable
meta-python: Remove unused AUTHOR variable
Mingli Yu (2):
dracut: Remove busybox from RRECOMMENDS
mariadb: Upgrade to 10.11.4
Nicolas Marguet (2):
rsyslog: update from 8.2302.0 to 8.2306.0
rsyslog: Fix function inline errors in debug optimization
Peter Marko (1):
cve_check: fix conversion errors
Ramon Fried (1):
bitwise: Upgrade 0.43 -> 0.50
Ross Burton (1):
cherokee: add CVE_PRODUCT
Tim Orling (1):
libmodule-build-tiny-perl: upgrade 0.045 -> 0.046
Trevor Gamblin (31):
python3-django: upgrade 4.2.2 -> 4.2.3
python3-ipython: upgrade 8.12.0 -> 8.14.0
python3-awesomeversion: upgrade 22.9.0 -> 23.5.0
python3-binwalk: upgrade 2.3.3 -> 2.3.4
python3-bitstring: upgrade 3.1.9 -> 4.0.2
python3-bitstring: add python3-io to RDEPENDS, alphabetize
python3-blinker: upgrade 1.5 -> 1.6.2
python3-blinker: add python3-asyncio to RDEPENDS
python3-execnet: upgrade 1.9.0 -> 2.0.2
python3-flask: upgrade 2.2.3 -> 2.3.2
python3-flask: add python3-blinker to RDEPENDS, alphabetize
python3-greenstalk: upgrade 2.0.0 -> 2.0.2
python3-humanize: upgrade 4.4.0 -> 4.7.0
python3-versioneer: add recipe
python3-parse: upgrade 1.19.0 -> 1.19.1
python3-pandas: upgrade 1.5.3 -> 2.0.3
python3-pyperf: upgrade 2.5.0 -> 2.6.1
python3-rdflib: upgrade 6.2.0 -> 6.3.2
python3-semver: upgrade 2.13.0 -> 3.0.1
python3-send2trash: upgrade 1.8.0 -> 1.8.2
python3-sh: upgrade 1.14.3 -> 2.0.4
python3-snagboot: upgrade 1.0 -> 1.1
python3-werkzeug: upgrade 2.2.3 -> 2.3.6
python3-beautifulsoup4: upgrade 4.11.1 -> 4.12.2
python3-fastjsonschema: upgrade 2.16.3 -> 2.18.0
python3-jsonpatch: upgrade 1.32 -> 1.33
python3-m2crypto: upgrade 0.38.0 -> 0.39.0
python3-matplotlib: upgrade 3.6.3 -> 3.7.2
python3-pyaudio: upgrade 0.2.11 -> 0.2.13
python3-pybind11: upgrade 2.10.3 -> 2.11.1
python3-sqlparse: upgrade 0.4.3 -> 0.4.4
Vivien Didelot (1):
libcamera: bump to latest master
Wang Mingyu (83):
c-periphery: upgrade 2.4.1 -> 2.4.2
ctags: upgrade 6.0.20230611.0 -> 6.0.20230716.0
gensio: upgrade 2.6.6 -> 2.6.7
gnome-commander: upgrade 1.16.0 -> 1.16.1
hiredis: upgrade 1.1.0 -> 1.2.0
iperf3: upgrade 3.13 -> 3.14
iwd: upgrade 2.6 -> 2.7
libbytesize: upgrade 2.8 -> 2.9
libinih: upgrade 56 -> 57
libnftnl: upgrade 1.2.5 -> 1.2.6
lvgl: upgrade 8.3.7 -> 8.3.8
bats: upgrade 1.9.0 -> 1.10.0
function2: upgrade 4.2.2 -> 4.2.3
lmdb: upgrade 0.9.29 -> 0.9.31
redis: upgrade 6.2.12 -> 6.2.13
ser2net: upgrade 4.3.12 -> 4.3.13
python3-obd: upgrade 0.7.1 -> 0.7.2
python3-path: upgrade 16.6.0 -> 16.7.1
nginx: upgrade 1.24.0 -> 1.25.1
php: upgrade 8.2.7 -> 8.2.8
python3-charset-normalizer: upgrade 3.1.0 -> 3.2.0
python3-click: upgrade 8.1.3 -> 8.1.5
python3-dnspython: upgrade 2.3.0 -> 2.4.0
python3-engineio: upgrade 4.4.1 -> 4.5.1
python3-eth-utils: upgrade 2.1.1 -> 2.2.0
python3-frozenlist: upgrade 1.3.3 -> 1.4.0
python3-gevent: upgrade 22.10.2 -> 23.7.0
python3-google-api-python-client: upgrade 2.92.0 -> 2.93.0
python3-google-auth: upgrade 2.21.0 -> 2.22.0
python3-mock: upgrade 5.0.2 -> 5.1.0
python3-platformdirs: upgrade 3.8.0 -> 3.9.1
python3-protobuf: upgrade 4.23.3 -> 4.23.4
python3-pymisp: upgrade 2.4.172 -> 2.4.173
python3-pymongo: upgrade 4.4.0 -> 4.4.1
python3-tox: upgrade 4.6.3 -> 4.6.4
python3-virtualenv: upgrade 20.23.1 -> 20.24.0
python3-zeroconf: upgrade 0.70.0 -> 0.71.0
redis-plus-plus: upgrade 1.3.9 -> 1.3.10
redis: upgrade 7.0.11 -> 7.0.12
smemstat: upgrade 0.02.11 -> 0.02.12
tesseract: upgrade 5.3.1 -> 5.3.2
weechat: upgrade 4.0.1 -> 4.0.2
wireshark: upgrade 4.0.6 -> 4.0.7
xterm: upgrade 383 -> 384
lastlog2: add new recipe
wtmpdb: add new recipe
babeld: upgrade 1.12.2 -> 1.13.1
ctags: upgrade 6.0.20230716.0 -> 6.0.20230730.0
gspell: upgrade 1.12.1 -> 1.12.2
libcompress-raw-bzip2-perl: upgrade 2.204 -> 2.206
libcompress-raw-lzma-perl: upgrade 2.204 -> 2.206
libcompress-raw-zlib-perl: upgrade 2.204 -> 2.206
libio-compress-lzma-perl: upgrade 2.204 -> 2.206
libio-compress-perl: upgrade 2.204 -> 2.206
libqb: upgrade 2.0.7 -> 2.0.8
logcheck: upgrade 1.4.2 -> 1.4.3
mdio-tools,mdio-netlink: Upgrade recipes to 1.3.0
python3-dill: upgrade 0.3.6 -> 0.3.7
python3-gunicorn: upgrade 20.1.0 -> 21.2.0
python3-web3: upgrade 6.3.0 -> 6.7.0
python3-aiohttp: upgrade 3.8.4 -> 3.8.5
python3-bitarray: upgrade 2.7.6 -> 2.8.0
python3-click: upgrade 8.1.5 -> 8.1.6
python3-cmake: upgrade 3.26.4 -> 3.27.0
python3-configargparse: upgrade 1.5.5 -> 1.7
python3-cytoolz: upgrade 0.12.1 -> 0.12.2
python3-dnspython: upgrade 2.4.0 -> 2.4.1
python3-elementpath: upgrade 4.1.4 -> 4.1.5
python3-flask-socketio: upgrade 5.3.4 -> 5.3.5
python3-gnupg: upgrade 0.5.0 -> 0.5.1
python3-google-api-python-client: upgrade 2.93.0 -> 2.95.0
python3-grpcio: upgrade 1.56.0 -> 1.56.2
python3-jedi: upgrade 0.18.2 -> 0.19.0
python3-marshmallow: upgrade 3.19.0 -> 3.20.1
python3-portion: upgrade 2.4.0 -> 2.4.1
python3-pymodbus: upgrade 3.3.2 -> 3.4.1
python3-robotframework: upgrade 6.1 -> 6.1.1
python3-tomlkit: upgrade 0.11.8 -> 0.12.1
python3-typeguard: upgrade 4.0.0 -> 4.1.0
python3-virtualenv: upgrade 20.24.0 -> 20.24.2
python3-zeroconf: upgrade 0.71.0 -> 0.71.4
rdma-core: upgrade 46.0 -> 47.0
sip: upgrade 6.7.9 -> 6.7.10
Willy Tu (1):
mstpd: Add initial recipe for mstpd
Yi Zhao (4):
samba: upgrade 4.18.4 -> 4.18.5
libnfnetlink: enable native build
libnetfilter-queue: enable native build
daq: enable nfq module build
meta-raspberrypi: e3f733cadd..5e2f79a6fa:
Jan Vermaete (2):
kas-poky-rpi.yml: renamed ABORT to HALT
rpi-base.inc: add the disable-wifi overlay
Khem Raj (1):
rpi-base: Remove customizing SPLASH var
Martin Jansa (1):
libcamera: update PACKAGECONFIG for libcamera-0.1.0
Vincent Davis Jr (1):
rpidistro-vlc: fix error uint64_t does not name
Vivien Didelot (10):
rpi-libcamera-apps: fix Illegal Instruction
rpi-libcamera-apps: add opencv build dependency
rpi-libcamera-apps: add drm support
rpi-libcamera-apps: replace tensorflow config
rpi-libcamera-apps: don't force COMPATIBLE_MACHINE
rpi-libcamera-apps: rename to libcamera-apps
libcamera-apps: move recipe to dynamic-layers
libcamera-apps: bump to 3d9ac10
libcamera-apps: switch from CMake to meson
libcamera-apps: bump to latest main
meta-arm: b4d50a273d..992c07f7c0:
Abdellatif El Khlifi (2):
arm-bsp/trusted-firmware-a: corstone1000: psci: SMCCC_ARCH_FEATURES discovery through PSCI_FEATURES
arm-bsp/u-boot: corstone1000: upgrade to v2023.07
Adam Johnston (1):
arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP
Emekcan Aras (1):
arm-bsp/u-boot: corstone1000: increase the kernel size
Jon Mason (9):
CI: add defaults for get-binary-toolchains
CI: workaround 32bit timer warning in binary toolchain
arm-bsp/corstone1000: update u-boot preferred version
arm-toolchain/gcc-aarch64-none-elf: upgrade to 12.3.rel1
arm/edk2: move 202211 recipe to meta-arm-bsp
arm-bsp: clean-up patch noise
arm/optee-test: update musl workaround patch
arm-bsp/tc1: remove trusted-firmware-m target
arm/trusted-firmware-m: upgrade to v1.8.0
Robbie Cao (1):
arm/recipes-kernel: Add preempt-rt support for generic-arm64
Ross Burton (5):
arm-toolchain/androidclang: remove
arm-toolchain/arm-binary-toolchain: install to a versioned directory
arm-toolchain/gcc-arm-none-eabi-11.2: add new recipe
arm/trusted-firmware-m: explicitly use Arm GCC 11.2
arm-toolchain/gcc-arm-none-eabi: upgrade to 12.3.rel1
Ziad Elhanafy (1):
arm/recipes-devtools,doc: Update FVP version
poky: b398c7653e..71282bbc53:
Alex Kiernan (3):
base-passwd: Add the sgx group
udev: eudev: Revert add group to sgx
poky/poky-tiny: Explicitly exclude `shadow`
Alexander Kanavin (25):
meta: add missing summaries for image recipes
insane.bbclass: add do_recipe_qa task
devtool: do not run recipe_qa task when extracting source
insane.bbclass: add a SUMMARY/HOMEPAGE check (oe-core recipes only)
insane.bbclass: add a RECIPE_MAINTAINER check (oe-core recipes only)
librsvg: fix upstream version check
acpica: tarball and homepage relocated to intel.com
gnu-efi: upgrade 3.0.15 -> 3.0.17
gettext-minimal-native: obtain the needed files directly from gettext source tarball
kbd: upgrade 2.6.0 -> 2.6.1
systemd: upgrade 253.3 -> 253.7
jquery: upgrade 3.6.3 -> 3.7.0
strace: upgrade 6.3 -> 6.4
sudo: update 1.9.13p3 -> 1.9.14p2
libadwaita: add recipe from meta-gnome
epiphany: upgrade 43.1 -> 44.5
glibc-locale: use stricter matching for metapackages' runtime dependencies
uninative-tarball: install the full set of gconv modules
buildtools-extended-tarball: install the full set of gconv modules
procps: address failure with gettext 0.22
util-linux: upgrade 2.38.1 -> 2.39.1
ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE
devtool/upgrade: raise an error if extracting source produces more than one directory
scripts/lib/scriptutils.py: add recipe_qa artifacts to exclusion list in filter_src_subdirs()
curl: ensure all ptest failures are caught
Alexandre Belloni (2):
base-files: bump PR because conf files are now sorted
wic: bootimg-efi: Stop hardcoding VMA offsets
Alexis Lothoré (3):
scripts/resulttool: add mention about new detected tests
scripts/resulttool: allow to replace test raw status with custom string
scripts/resulttool: define custom string for "not found" test results
Andrej Valek (2):
maintainers.inc: Modify email address
ref-manual: document CVE_STATUS and CVE_CHECK_STATUSMAP
Anuj Mittal (4):
glibc/check-test-wrapper: don't emit warnings from ssh
selftest/cases/glibc.py: increase the memory for testing
oeqa/utils/nfs: allow requesting non-udp ports
selftest/cases/glibc.py: switch to using NFS over TCP
BELOUARGA Mohamed (3):
linux-firmware : Add firmware of RTL8822 serie
bitbake: bitbake: fetch2/npmsw: Check if there are dependencies before trying to fetch them
bitbake: fetch2: Check if path is 'None' before calculating checksums
Bruce Ashfield (11):
kernel: make LOCALVERSION consistent between recipes
linux-yocto/6.4: fix CONFIG_LEDS_TRIGGER_GPIO kernel audit warning
linux-yocto/6.4: update to v6.4.6
linux-yocto/6.1: update to v6.1.41
linux-yocto/6.4: update to v6.4.7
linux-yocto-dev: bump to v6.5+
linux-yocto/6.4: update to v6.4.8
linux-yocto/6.1: update to v6.1.43
linux-yocto/6.4: update to v6.4.9
linux-yocto/6.4: fix qemuarm boot failure
linux-yocto-tiny/6.4: fix HID configuration warning
Chen Qi (4):
ncurses: fix CVE-2023-29491
multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
openssh: sync with upstream's default
Christopher Larson (6):
bitbake: tests.data: add test for inline python calling a def'd function
bitbake: tests.codeparser: add test for exec of builtin from inline python
bitbake: data_smart: check for python builtins directly for context lookup
bitbake: tests.data: add test for builtin preferred over metadata value
bitbake: data_smart: directly check for methodpool functions in context lookup
bitbake: bb.tests.data: don't require the func flag for context functions
Denis OSTERLAND-HEIM (1):
kernel-fitImage: add machine compatible to config section
Dit Kozmaj (1):
bitbake: fetch2: Set maxsplit to match expected variables
Dmitry Baryshkov (5):
kmscube: bump SRCREV to get offscreen rendering to work
linux-firmware: package firmare for Dragonboard 410c
mesa: simplify overriding GALLIUMDRIVERS_LLVM
mesa: enable swrast Vulkan driver if LLVM drivers are enabled
linux-firmware: split platform-specific Adreno shaders to separate packages
Frederic Martinsons (4):
ptest-cargo.bbclass: Support of cargo workspaces
cargo.bbclass: Use --frozen flag for cargo operations
cargo_common.bbclass: Handle Cargo.lock modifications for git dependencies
rust-hello-world: Drop recipe
Jean-Marie Lemetayer (1):
package: always sort the conffiles
Joel Stanley (1):
kernel: don't fail if Modules.symvers doesn't exist
Jose Quaresma (1):
systemd: fix efi stubs
Joshua Watt (1):
bitbake: contrib: vim: Fix up a few errors when reloading
Julien Stephan (1):
libexif: add ptest support
Khem Raj (16):
nfs-utils: Fix host path contamination building locktest
ltp: Use bfd linker when lld is distro linker default
ffmpeg: Use bfd linker on i386 when lld is distro linker default
ltp: Use bfd linker for KVM_LD as well when ld-is-lld
autoconf: Backport upstreamed patches
Revert "site: merged common-glibc from OE"
x32-linux: Do not cache ac_cv_sys_file_offset_bits
gcc: Upgrade to 13.2 release
gnu-efi: Fix build break on riscv64
ffmpeg: Fix wrong code found with gas/2.41
systemd: Point to target binary paths for loadkeys and setfont
systemd: Make 254 work on musl
musl: Upgrade to tip of trunk
binutils: Upgrade to 2.41 release
systemd-boot: Ensure EFI_LD is also passed to compiler driver
pm-utils: Do not require GNU grep at runtime
Lee Chee Yang (2):
migration-guides: add release notes for 4.0.11
migration-guides: add release notes for 4.2.2
Luca Boccassi (2):
systemd: update to v254
systemd: add usrmerge to REQUIRED_DISTRO_FEATURES
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Mark Hatle (1):
tcf-agent: Update to 1.8.0 release
Markus Volk (4):
gcr3: remove recipe
systemd: add a packageconfig to support colored logs
webkitgtk: upgrade 2.40.2 -> 2.40.5
epiphany: upgrade 44.5 -> 44.6
Martin Jansa (3):
patchelf: add 3 fixes to optimize and fix uninative
alsa-utils: backport a fix to build with glibc-2.38
efivar: drop -fuse-ld=bfd
Michael Halstead (1):
yocto-uninative: Update hashes for uninative 4.1
Michael Opdenacker (4):
ref-manual: releases.svg: updates
ref-manual: LTS releases now supported for 4 years
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
recipes: remove unused AUTHOR variable
Oleksandr Hnatiuk (2):
file: return wrapper to fix builds when file is in buildtools-tarball
file: fix the way path is written to environment-setup.d
Ovidiu Panait (2):
mdadm: add util-linux-blockdev ptest dependency
mdadm: save ptest logs
Peter Marko (4):
cve-extra-exclusions: fix syntax error
libarchive: ignore CVE-2023-30571
cve-exclusion_6.1: correct typo in exclusion list name
bluez5: correct CVE status of ignored CVEs
Peter Suti (1):
externalsrc: fix dependency chain issues
Quentin Schulz (1):
docs: sdk-manual: appendix-obtain: fix literal block content
Richard Purdie (21):
createrepo-c: Fix 32 bit architecture segfaults with 64 bit time
build-appliance-image: Update to master head revision
oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
createrepo-c: Update patch status
oeqa/runtime/ltp: Increase ltp test output timeout
oeqa/ltp: Show warning for non-zero exit codes
ltp: Add kernel loopback module dependency
target/ssh: Ensure exit code set for commands
autoconf: Upgrade to 2.72c
oeqa/ssh: Further improve process exit handling
oeqa/selftest/rust: Round test execution time to integer
qemuboot/runqemu: Fix 6.2 and later kernel network device naming
bitbake: siggen: Improve runtaskdeps data to fix sstate debugging
sstatesig: Update to match bitbake changes to runtaskdeps
Revert "kea: upgrade to v2.5.0"
selftest/reproducible: Update config to match ongoing changes
gnupg: Fix reproducibility failure
selftest: Ensure usrmerge is enabled with systemd
conf/init-mamager-systemd: Add usrmerge to DISTRO_FEATURES
bitbake.conf: Drop PE and PR from WORKDIR and STAMP
qemuboot: Update hardcoded path to match new layout
Robert Joslyn (2):
curl: Update from 8.1.2 to 8.2.0
curl: Refine ptest perl RDEPENDS
Ross Burton (8):
systemd: set correct paths for kdb binaries
systemd: depend on util-linux's swapon/off
linux-yocto: add script to generate kernel CVE_STATUS entries
ghostscript: backport fix for CVE-2023-38559
ghostscript: ignore CVE-2023-38560
openssh: upgrade to 9.3p2
librsvg: upgrade to 2.56.3
linux-yocto: extract generic kernel CVE_STATUS
Sakib Sajal (1):
go: upgrade 1.20.6 -> 1.20.7
Sudip Mukherjee (3):
libgit2: upgrade to v1.7.0
bind: upgrade to v9.18.17
kea: upgrade to v2.5.0
Tim Orling (10):
python3-urllib3: upgrade 2.0.3 -> 2.0.4
python3-hypothesis: upgrade 6.81.2 -> 6.82.0
python3-pyyaml: upgrade 6.0 -> 6.0.1
python_setuptools3_rust: inherit ...build_meta
python3-sphinx: upgrade 7.0.1 -> 7.1.1
python3-certifi: upgrade 2023.5.7 -> 2023.7.22
python3-more-itertools: upgrade 9.1.0 -> 10.0.0
python3-wheel: upgrade 0.40.0 -> 0.41.0
python3-chardet: upgrade 5.1.0 -> 5.2.0
python3-cryptography{-vectors}: upgrade -> 41.0.3
Trevor Gamblin (7):
python3-dtschema: upgrade 2023.4 -> 2023.6.1
python3-dtc: add from meta-virtualization
python3-dtschema: add python3-dtc to RDEPENDS
nfs-utils: upgrade 2.6.2 -> 2.6.3
iproute2: upgrade 6.3.0 -> 6.4.0
git: upgrade 2.39.3 -> 2.41.0
python3: add additional timing-related test skips
Ulrich Ölmann (3):
ref-manual: classes: kernel-fitimage: fix source of imagetype
ref-manual: classes: kernel-fitimage: fix typos
ref-manual: classes: kernel-fitimage: refine role of INITRAMFS_IMAGE_BUNDLE
Yang Xu (2):
oeqa/selftest/ssate: Add test for find_siginfo
bitbake: server/process: fix sig handle
Yash Shinde (5):
rust: Fix BOOTSTRAP_CARGO failure during Rust Oe-selftest
oeqa/selftest/rust: Add failed test cases to exclude list for Rust Oe-selftest
oeqa/selftest/binutils: Add elapsed time for binutils test report.
oeqa/selftest/gcc: Add elapsed time for gcc test report.
oeqa/selftest/glibc: Add elapsed time for glibc test report.
Yoann Congal (1):
bitbake: fetch2/gitsm: Document that we won't support propagating user parameter
meta-security: 405cca4028..b9bc938785:
Armin Kuster (21):
bastille: bastille/config should not be world writeable.
ossec-hids: Fix usermod
python3-flask-script: add package
python3-segno: add new package
python3-privacyidea: fixup REDPENDS
qemu: move qemu setting to image and out of layer.conf
packagegroup-core-security: only include firejail x86-64 and arch64
firejail: only allow x86-64 and arm64 to build
python3-tpm2-pytss: add python tss2 support
packagegroup: add python3-tpm2-pytss
clamav: update SRC_URI
scap-security-guide: refactor patches
packagegroup-security-tpm2: add more pkgs
scap-security-guide: enable ptest
python3-yamlpath: Add new pkg
python3-json2html: add new pkg
python3-json2html: add new pkg
meta-integrity: drop ima.cfg in favor of new k-cache
sshguard: Update to 2.4.3
meta-tpm linux-yocto-rt: Add the bbappend for rt kernel
layer: add QA_WARNINGS to all layers
Kai Kang (2):
openscap: fix buildpaths issue
sssd: 2.7.4 -> 2.9.1
Kevin Hao (1):
linux-yocto-rt: Add the bbappend for rt kernel
Luke Granger-Brown (1):
glome: update to tip
Wurm, Stephan (1):
dm-verity-image-initramfs: Allow compressed image types
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Icf1ba0c270d53f4c3c3838d4305116e5d6f794de
diff --git a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb
index abd140c..9278146 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb
@@ -92,7 +92,7 @@
# Setting both variables below causing our makefiles to not work with
# implicit make rules
- unset CFLAGS
+ CFLAGS="-ffile-prefix-map=${S}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
unset CPPFLAGS
export SRCDIR=${S}
diff --git a/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb b/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb
index 200f751..8bf7981 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb
@@ -1,5 +1,4 @@
DESCRIPTION = "Ultralightweight JSON parser in ANSI C"
-AUTHOR = "Dave Gamble"
HOMEPAGE = "https://github.com/DaveGamble/cJSON"
SECTION = "libs"
LICENSE = "MIT"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/cloc/cloc_1.94.bb b/meta-openembedded/meta-oe/recipes-devtools/cloc/cloc_1.94.bb
index 2f92d81..37a21cc 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/cloc/cloc_1.94.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/cloc/cloc_1.94.bb
@@ -1,6 +1,5 @@
SUMMARY = "Count blank lines, comment lines, and physical lines of source code \
in many programming languages."
-AUTHOR = "Al Danial"
LICENSE="GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=2c1c00f9d3ed9e24fa69b932b7e7aff2"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_6.0.20230611.0.bb b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_6.0.20230730.0.bb
similarity index 95%
rename from meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_6.0.20230611.0.bb
rename to meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_6.0.20230730.0.bb
index 1b8d367..fc7d82d 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_6.0.20230611.0.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_6.0.20230730.0.bb
@@ -14,7 +14,7 @@
inherit autotools-brokensep pkgconfig manpages
-SRCREV = "89081ccd2aa6b4d8397a8e6741ea8c1e3f786162"
+SRCREV = "06036801ba3c5cc927c4dfd7be9ae08c8086eede"
SRC_URI = "git://github.com/universal-ctags/ctags;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers.bb b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers.bb
index 6573916..183554e 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers.bb
@@ -15,8 +15,6 @@
S = "${WORKDIR}/git"
-CVE_CHECK_IGNORE += "CVE-2020-35864"
-
EXTRA_OECMAKE += " \
-DFLATBUFFERS_BUILD_TESTS=OFF \
-DFLATBUFFERS_BUILD_SHAREDLIB=ON \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
new file mode 100644
index 0000000..ab46897
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
@@ -0,0 +1,81 @@
+From d39489045b5aa73e27713e3cbacb8832c1140ec8 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 9 Aug 2023 13:33:45 +0800
+Subject: [PATCH] fix CVE-2023-32732
+
+CVE: CVE-2023-32732
+
+Upstream-Status: Backport [https://github.com/grpc/grpc/pull/32309/commits/6a7850ef4f042ac26559854266dddc79bfbc75b2]
+The original patch is adjusted to fit the current 1.50.1 version.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ .../ext/transport/chttp2/transport/hpack_parser.cc | 10 +++++++---
+ src/core/ext/transport/chttp2/transport/internal.h | 2 --
+ src/core/ext/transport/chttp2/transport/parsing.cc | 6 ++----
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+index f2e49022dc3..cd459d15238 100644
+--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
++++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+@@ -1211,12 +1211,16 @@ class HPackParser::Parser {
+ "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this limit.",
+ *frame_length_, metadata_size_limit_);
+ if (metadata_buffer_ != nullptr) metadata_buffer_->Clear();
++ // StreamId is used as a signal to skip this stream but keep the connection
++ // alive
+ return input_->MaybeSetErrorAndReturn(
+ [] {
+ return grpc_error_set_int(
+- GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+- "received initial metadata size exceeds limit"),
+- GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED);
++ grpc_error_set_int(
++ GRPC_ERROR_CREATE_FROM_STATIC_STRING(
++ "received initial metadata size exceeds limit"),
++ GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED),
++ GRPC_ERROR_INT_STREAM_ID, 0);
+ },
+ false);
+ }
+diff --git a/src/core/ext/transport/chttp2/transport/internal.h b/src/core/ext/transport/chttp2/transport/internal.h
+index 4a2f4261d83..f8b544d9583 100644
+--- a/src/core/ext/transport/chttp2/transport/internal.h
++++ b/src/core/ext/transport/chttp2/transport/internal.h
+@@ -542,8 +542,6 @@ struct grpc_chttp2_stream {
+
+ grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture();
+
+- /** saw some stream level error */
+- grpc_error_handle forced_close_error = GRPC_ERROR_NONE;
+ /** how many header frames have we received? */
+ uint8_t header_frames_received = 0;
+ /** number of bytes received - reset at end of parse thread execution */
+diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc b/src/core/ext/transport/chttp2/transport/parsing.cc
+index 980f13543f6..afe6da190b6 100644
+--- a/src/core/ext/transport/chttp2/transport/parsing.cc
++++ b/src/core/ext/transport/chttp2/transport/parsing.cc
+@@ -22,6 +22,7 @@
+ #include <string.h>
+
+ #include <string>
++#include <utility>
+
+ #include "absl/base/attributes.h"
+ #include "absl/status/status.h"
+@@ -719,10 +720,7 @@ static grpc_error_handle parse_frame_slice(grpc_chttp2_transport* t,
+ }
+ grpc_chttp2_parsing_become_skip_parser(t);
+ if (s) {
+- s->forced_close_error = err;
+- grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id,
+- GRPC_HTTP2_PROTOCOL_ERROR,
+- &s->stats.outgoing);
++ grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus()));
+ } else {
+ GRPC_ERROR_UNREF(err);
+ }
+--
+2.34.1
+
diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
index 958992e..45bfcb8 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
@@ -26,6 +26,7 @@
file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \
file://0001-cmake-add-separate-export-for-plugin-targets.patch \
file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
+ file://0001-fix-CVE-2023-32732.patch \
"
# Fixes build with older compilers 4.8 especially on ubuntu 14.04
CXXFLAGS:append:class-native = " -Wl,--no-as-needed"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.8.bb b/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.8.bb
index 30d17c8..15d43e9 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.8.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/guider/guider_3.9.8.bb
@@ -1,7 +1,6 @@
SUMMARY = "performance analyzer"
HOMEPAGE = "https://github.com/iipeace/guider"
BUGTRACKER = "https://github.com/iipeace/guider/issues"
-AUTHOR = "Peace Lee <ipeace5@gmail.com>"
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://LICENSE;md5=2c1c00f9d3ed9e24fa69b932b7e7aff2"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack/run-ptest b/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack/run-ptest
new file mode 100755
index 0000000..8bd5fd1
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ctest --force-new-ctest-process | sed -u 's/\*\*\*/ /g' | awk '/Test +#/{gsub(/Passed/,"PASS"); gsub(/Failed/,"FAIL"); gsub(/Skipped/,"SKIP"); print $6": "$4; fflush();}'
diff --git a/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack_3.10.1.bb b/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack_3.10.1.bb
index 15f394e..787ace4 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack_3.10.1.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/lapack/lapack_3.10.1.bb
@@ -11,17 +11,49 @@
#FORTRAN:forcevariable = ",fortran"
#RUNTIMETARGET:append:pn-gcc-runtime = " libquadmath"
-DEPENDS = "libgfortran"
+DEPENDS = "libgfortran \
+ ${@bb.utils.contains('PTEST_ENABLED', '1', 'rsync-native', '', d)} \
+ "
+RDEPENDS:${PN}-ptest += "cmake"
SRCREV = "32b062a33352e05771dcc01b981ebe961bf2e42f"
-SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https;branch=master"
+SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https;branch=master \
+ ${@bb.utils.contains('PTEST_ENABLED', '1', 'file://run-ptest', '', d)} \
+ "
S = "${WORKDIR}/git"
PACKAGECONFIG ?= ""
PACKAGECONFIG[lapacke] = "-DLAPACKE=ON,-DLAPACKE=OFF"
-EXTRA_OECMAKE = " -DBUILD_SHARED_LIBS=ON "
+EXTRA_OECMAKE = " -DBUILD_SHARED_LIBS=ON \
+ ${@bb.utils.contains('PTEST_ENABLED', '1', ' -DBUILD_TESTING=ON', '', d)} \
+ "
OECMAKE_GENERATOR = "Unix Makefiles"
-inherit cmake pkgconfig
+inherit cmake pkgconfig ptest
EXCLUDE_FROM_WORLD = "1"
+
+do_install_ptest () {
+ rsync -a ${B}/TESTING ${D}${PTEST_PATH} \
+ --exclude CMakeFiles \
+ --exclude cmake_install.cmake \
+ --exclude Makefile
+ rsync -a ${B}/BLAS ${D}${PTEST_PATH} \
+ --exclude CMakeFiles \
+ --exclude cmake_install.cmake \
+ --exclude Makefile
+ rsync -a ${B}/LAPACKE ${D}${PTEST_PATH} \
+ --exclude CMakeFiles \
+ --exclude cmake_install.cmake \
+ --exclude Makefile
+ cp -r ${B}/bin ${D}${PTEST_PATH}
+ cp -r ${B}/lapack_testing.py ${D}${PTEST_PATH}
+ cp ${B}/CTestTestfile.cmake ${D}${PTEST_PATH}
+ cp ${S}/TESTING/*.in ${S}/TESTING/runtest.cmake ${D}${PTEST_PATH}/TESTING
+ cp ${S}/BLAS/TESTING/*.in ${D}${PTEST_PATH}/BLAS/TESTING
+ sed -i -e 's#${B}#${PTEST_PATH}#g' `find ${D}${PTEST_PATH} -name CTestTestfile.cmake`
+ sed -i -e 's#${S}#${PTEST_PATH}#g' `find ${D}${PTEST_PATH} -name CTestTestfile.cmake`
+ sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' `find ${D}${PTEST_PATH} -name CTestTestfile.cmake`
+ sed -i -e 's#${PYTHON}#/usr/bin/python3#g' `find ${D}${PTEST_PATH} -name CTestTestfile.cmake`
+ sed -i -e 's#${WORKDIR}##g' `find ${D}${PTEST_PATH} -name CTestTestfile.cmake`
+}
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.16/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache
similarity index 100%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.16/oe-npm-cache
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.16.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb
similarity index 100%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.16.bb
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.16.0.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.0.bb
similarity index 97%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.16.0.bb
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.0.bb
index 3adb515..1d49218 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.16.0.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.0.bb
@@ -1,7 +1,7 @@
DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
HOMEPAGE = "http://nodejs.org"
LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0be148d0e7298c5c94f7501affafbce5"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bc1f9ebe76be76f163e3b675303ad9cd"
CVE_PRODUCT = "nodejs node.js"
@@ -39,7 +39,7 @@
SRC_URI:append:toolchain-clang:powerpc64le = " \
file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
"
-SRC_URI[sha256sum] = "33d81a233e235a509adda4a4f2209008d04591979de6b3f0f67c1c906093f118"
+SRC_URI[sha256sum] = "80c0faadf5ea39c213ccb9aa5c2432977a0f1b5a0b766852abd0de06f2770406"
S = "${WORKDIR}/node-v${PV}"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.7.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb
similarity index 97%
rename from meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.7.bb
rename to meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb
index 4dc0399..407b1a7 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.7.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb
@@ -34,9 +34,11 @@
"
S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = "5bfb2a35c67921bdcadd5c90cb290ad7537d24da113a5e8bc2d646b02de7488f"
+SRC_URI[sha256sum] = "995ed4009c7917c962d31837a1a3658f36d4af4f357b673c97ffdbe6403f8517"
-CVE_CHECK_IGNORE += "\
+CVE_STATUS_GROUPS += "CVE_STATUS_PHP"
+CVE_STATUS_PHP[status] = "fixed-version: The name of this product is exactly the same as github.com/emlog/emlog. CVE can be safely ignored."
+CVE_STATUS_PHP = " \
CVE-2007-2728 \
CVE-2007-3205 \
CVE-2007-4596 \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/ply/ply_git.bb b/meta-openembedded/meta-oe/recipes-devtools/ply/ply_git.bb
index c22dcbd..7793971 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/ply/ply_git.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/ply/ply_git.bb
@@ -12,7 +12,7 @@
S = "${WORKDIR}/git"
-LD = "${HOST_PREFIX}ld.bfd${TOOLCHAIN_OPTIONS} ${HOST_LD_ARCH}"
+CACHED_CONFIGUREVARS = 'LD="${HOST_PREFIX}ld.bfd${TOOLCHAIN_OPTIONS} ${HOST_LD_ARCH}"'
inherit autotools-brokensep
diff --git a/meta-openembedded/meta-oe/recipes-devtools/sip/sip_6.7.9.bb b/meta-openembedded/meta-oe/recipes-devtools/sip/sip_6.7.11.bb
similarity index 83%
rename from meta-openembedded/meta-oe/recipes-devtools/sip/sip_6.7.9.bb
rename to meta-openembedded/meta-oe/recipes-devtools/sip/sip_6.7.11.bb
index f6c2457..66ec979 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/sip/sip_6.7.9.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/sip/sip_6.7.11.bb
@@ -11,6 +11,6 @@
inherit pypi setuptools3 python3native
PYPI_PACKAGE = "sip"
-SRC_URI[sha256sum] = "35d51fc10f599d3696abb50f29d068ad04763df7b77808c76b74597660f99b17"
+SRC_URI[sha256sum] = "f0dc3287a0b172e5664931c87847750d47e4fdcda4fe362b514af8edd655b469"
BBCLASSEXTEND = "native"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/smemstat/smemstat_0.02.11.bb b/meta-openembedded/meta-oe/recipes-devtools/smemstat/smemstat_0.02.12.bb
similarity index 90%
rename from meta-openembedded/meta-oe/recipes-devtools/smemstat/smemstat_0.02.11.bb
rename to meta-openembedded/meta-oe/recipes-devtools/smemstat/smemstat_0.02.12.bb
index 21f315b..46dc941 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/smemstat/smemstat_0.02.11.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/smemstat/smemstat_0.02.12.bb
@@ -7,7 +7,7 @@
DEPENDS = "ncurses"
SRC_URI = "git://github.com/ColinIanKing/smemstat.git;protocol=https;branch=master"
-SRCREV = "9eea7504ab33783d804c4ed9237e299effb68874"
+SRCREV = "72efeb08ccdb22f57054279d25e3c522e8e1d4c3"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index ea76d48..dcb59f4 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -22,9 +22,7 @@
S = "${WORKDIR}/imap-${PV}"
-CVE_CHECK_IGNORE += "\
- CVE-2005-0198 \
-"
+CVE_STATUS[CVE-2005-0198] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = ",,libpam"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch
new file mode 100644
index 0000000..ae10e99
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch
@@ -0,0 +1,29 @@
+From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
+From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
+Date: Tue, 13 Jun 2023 05:00:47 +0900
+Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441]
+
+CVE: CVE-2023-31975
+---
+ modules/objfmts/bin/bin-objfmt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
+index 18026750..a38c3422 100644
+--- a/modules/objfmts/bin/bin-objfmt.c
++++ b/modules/objfmts/bin/bin-objfmt.c
+@@ -1680,6 +1680,10 @@ static void
+ bin_section_data_destroy(void *data)
+ {
+ bin_section_data *bsd = (bin_section_data *)data;
++ if (bsd->align)
++ yasm_xfree(bsd->align);
++ if (bsd->valign)
++ yasm_xfree(bsd->valign);
+ if (bsd->start)
+ yasm_expr_destroy(bsd->start);
+ if (bsd->vstart)
+--
+2.40.0
diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb
index 3dd382b..19686ff 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb
@@ -12,6 +12,7 @@
SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a"
SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
file://0001-Do-not-use-AC_HEADER_STDC.patch \
+ file://CVE-2023-31975.patch \
"
S = "${WORKDIR}/git"