subtree updates
poky: 8d0ba08aa6..2696bf8cf3:
Adam Johnston (1):
useradd_base: Fix sed command line for passwd-expire
Adrian Freihofer (1):
vscode: add minimal configuration
Alassane Yattara (44):
bitbake: Update toaster-requirements to add django-log-viewer==1.1.7
bitbake: toaster: bug-fix on tests.browser.test_most_recent_builds_states
bitbake: Toaster: Bug-fix failure on tests.browser.test_layerdetails_page
bitbake: Toaster: Fixed javascript issue on tests.browser.test_js_unit_tests
bitbake: Toaster: bug-fix on /toastermain/logs.py
bitbake: Toaster: bug-fix on custom image test cases
bitbake: Toaster: bug-fix on tests/views/test_views.py
bitbake: Toaster: bug-fix on tests.views.test_views.py
bitbake: toaster: Write logs to BUILDDIR/toaster_logs
bitbake: toaster: Add toaster-tests-requirements.txt to add pytest and some plugins
bitbake: toaster: Update orm.models to catch error ProcessLookupError
bitbake: toaster: Bug-fix pytest and Failed: Database access not allowed
bitbake: toaster: fixed pytest error: Database access not allowed, use the "django_db"
bitbake: toaster: Bug-fix django.db.utils.IntegrityError: Problem installing fixture
bitbake: toaster: fixed: Tests fail when executed one after the other out of sequence
bitbake: toaster: Added pytest.ini file
bitbake: toaster: Check info_sign is visible and clickable in landing page
bitbake: toaster: Test documentation link in landing header is displayed
bitbake: toaster: Test jumbotron links visible and clickable
bitbake: toaster: Bug-fix webdriver No parameter named options
bitbake: Toaster: Write UI TestCase create new project
bitbake: Toaster: Test create new project without project name
bitbake: Toaster: Write UI TestCase import new project using
bitbake: toaster/tests: Add UI TestCase to test if 'no build' message is shown
bitbake: toaster/tests: Add UI TestCase to test search box on all build page
bitbake: toaster/tests: Add UI TestCase to test the filtering feature on 'failure tasks' column
bitbake: toaster/tests: Add UI TestCase to test filtering feature on 'completed_on' column
bitbake: toaster/tests: Add UI TestCase to test "edit column" feature show/hide column
bitbake: toaster/tests: Add UI TestCase to test "show rows" feature, change displaying rows in table
bitbake: toaster/tests: Add UI TestCase for deleting project
bitbake: toaster/tests: Add UI TestCase for Visualize all projects
bitbake: toaster/tests: Add UI TestCase for visualize all projects edit column
bitbake: toaster/tests: Add UI TestCase for visualize all projects show rows
bitbake: toaster/tests/create_new_project: Code cleanup
bitbake: toaster/tests: Add UI TestCase - Check project header contains right items
bitbake: toaster/tests: Add UI TestCase - Test edit project name on project page
bitbake: toaster/tests: Add UI TestCase - Test project page has right tabs displayed
bitbake: toaster/tests: Add UI TestCase - Test project config tab navigation:
bitbake: toaster/tests: Add UI TestCase - Test project config tab
bitbake: toaster/tests: Add UI TestCase - Test project page tab import layer
bitbake: toaster/tests: Add UI TestCase - Test project page tab "New custom image"
bitbake: toaster/tests: Add UI TestCase - Test project page section images
bitbake: toaster/tests: Add UI TestCase for the edit column feature in image recipe
bitbake: toaster/tests: Add UI TestCase - Test the show rows feature in image recipe
Alberto Pianon (1):
bitbake: fetch2: Add API for upstream source tracing
Alejandro Hernandez Samaniego (2):
qemuarmv5: Drop QB_DTB conditional for older kernels
baremetal-helloworld: Pull in fix for race condition on x86-64
Alex Stewart (1):
libsndfile1: fix CVE-2022-33065
Alexander Kanavin (10):
scripts/bitbake-whatchanged: remove
selftest/buildoptions: tag the download mirror test with 'yocto-mirrors'
bitbake: runqueue.py: clarify that 'closest' signature means 'most recent' (and not closest in its content)
selftest/sstatetests: add tests for 'bitbake -S printdiff'
lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
selftest/sstatetests: add a test for CDN sstate cache
populate_sdk_ext.bbclass: do not symlink unfsd from sdk image sysroot into eSDK tools path
meta/lib/oe/copy_buildsystem.py: do not derefence symlinks
scripts/esdk-tools: use a dedicated, static directory for esdk tools
populate_sdk_ext: split copy_buildsystem() into logical steps defined as functions
Alexander Lussier-Cullen (2):
bitbake: toaster/tests: add passthroughs for relevant build environment variables
bitbake: toaster: make django temp directory configurable
Alexandre Belloni (1):
strace: further clean up of ptest folders
Alexis Lothoré (5):
scripts/resulttool: limit the number of changes displayed per test
scripts/resulttool: rearrange regressions report order
scripts/resulttool: make additional info more compact
scripts/yocto_testresults_query: add option to change display limit
scripts/resulttool: group all regressions in regression report
Anuj Mittal (9):
gstreamer1.0: upgrade 1.22.6 -> 1.22.7
gsettings-desktop-schemas: upgrade 44.0 -> 45.0
harfbuzz: upgrade 8.2.2 -> 8.3.0
libnotify: upgrade 0.8.2 -> 0.8.3
libtirpc: upgrade 1.3.3 -> 1.3.4
mmc-utils: upgrade to latest revision
puzzles: upgrade to latest revision
sqlite3: upgrade 3.43.2 -> 3.44.0
vulkan: upgrade 1.3.261.1 -> 1.3.268.0
Archana Polampalli (1):
vim: Upgrade 9.0.2048 -> 9.0.2068
Arne Schwerdt (1):
ref-manual: Warn about COMPATIBLE_MACHINE skipping native recipes
BELHADJ SALEM Talel (8):
bitbake.conf: Drop DEPLOY_DIR_TAR
ref-manual: Fix PACKAGECONFIG term and add an example
dev-manual: layers: Add notes about layer.conf
ref-manual: variables: add RECIPE_SYSROOT and RECIPE_SYSROOT_NATIVE
ref-manual: variables: add TOOLCHAIN_OPTIONS variable
ref-manual: variables: add example for SYSROOT_DIRS variable
bitbake: Fix find_bbfiles string endswith call
overview-manual: concepts: Add Bitbake Tasks Map
Bastian Krause (1):
linux-firmware: add new fw file to ${PN}-rtl8821
Bruce Ashfield (22):
linux-yocto/6.1: update to v6.1.56
linux-yocto/6.5: update to v6.5.6
linux-yocto/6.1: tiny: fix arm 32 boot
linux-yocto/6.5: tiny: fix arm 32 boot
linux-yocto/6.5: update to v6.5.7
linux-yocto/6.1: update to v6.1.57
linux-yocto/6.4: drop recipes
linux-yocto/6.5: avoid serial port suspend issues
linux-yocto/6.5: config: remove VIDEO_STK1160_COMMON
linux-yocto/6.5: serial: core: integrate upstream fixes
linux-yocto/6.5: update to v6.5.8
linux-yocto/6.1: update to v6.1.59
linux-yocto/6.5: update to v6.5.9
linux-yocto/6.1: update to v6.1.60
kern-tools: make lower context patches reproducible
kern-tools: bump SRCREV for queue processing changes
kern-tools: update SRCREV to include SECURITY.md file
kernel-yocto: improve metadata patching
linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
linux-yocto/6.1: update to v6.1.61
linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
linux-yocto/6.5: update to v6.5.10
Chen Qi (2):
kernel.bbclass: add preceding space in appendVar setting
systemd: fix DynamicUser issue
Chris Laplante (4):
bitbake: codeparser: replace deprecated ast.Str and 's'
bitbake: runqueue: set has 'add', not 'append' method
bitbake: codeparser: add missing 'import os'
bitbake: codegen: cleanup deprecated AST usages
Deepthi Hemraj (1):
binutils: Fix CVE-2022-47007
Desone Burns (1):
bitbake: bitbake: fetch2: git: Update Git-LFS download and tests
Dmitry Baryshkov (11):
kernel-arch: drop CCACHE from KERNEL_STRIP definition
meson: use correct targets for rust binaries
linux-firmware: upgrade 20230804 -> 20231030
linux-firmware: add missing depenencies on license packages
linux-firmware: add notice file to sdm845 modem firmware
linux-firmware: add audio topology symlink to the X13's audio package
linux-firmware: package firmware for Qualcomm Adreno a702
linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
linux-firmware: package Qualcomm Venus 6.0 firmware
linux-firmware: package Robotics RB5 sensors DSP firmware
libdrm: upgrade 2.4.116 -> 2.4.117
Eero Aaltonen (3):
base-files, systemd: add nss-resolve plugin
systemd: add option to use stub-resolv.conf
ref-manual: add systemd-resolved to distro features
Etienne Cordonnier (1):
bitbake: bitbake-worker: add header with length of message
Fabio Estevam (1):
packagegroup-core-tools-profile: Remove PROFILE_TOOLS_X
Fahad Arslan (1):
linux-firmware: create separate packages
Felix Moessbauer (1):
bitbake: fetch2/aws: forward env-vars used in gitlab-ci K8s
Florian Wickert (1):
systemd: fix libnss-mymachines packaging
Glenn Strauss (3):
lighttpd: upgrade 1.4.71 -> 1.4.72
lighttpd: update init script
lighttpd: modernize lighttpd.conf
Javier Tia (1):
kernel-arch: use ccache only for compiler
Jermain Horsman (3):
lib/oe/buildcfg.py: Include missing import
lib/oe/buildcfg.py: Remove unused parameter
lib/bblayers/setupwriters/oe-setup-layers.py: Fix indentation
Joakim Tjernlund (1):
sed -i destroys symlinks
Johannes Schneider (1):
base-files: profile: allow profile.d to set EDITOR
Jon Mason (2):
qemu: drop unreferenced patch
linux-yocto: Update dtb path for qemuarmv5
Jose Quaresma (5):
sstatesig: be more precise and show the full path in exceptions
systemd: sort packages before pn
systemd: add systemd-crypt package
systemd: add cryptsetup-plugins package config
systemd: add p11kit package config
Joshua Watt (24):
goarch: Move Go architecture mapping to a library
bitbake: asyncrpc: Abstract sockets
bitbake: hashserv: Add websocket connection implementation
bitbake: asyncrpc: Add context manager API
bitbake: hashserv: tests: Add external database tests
bitbake: asyncrpc: Prefix log messages with client info
bitbake: bitbake-hashserv: Allow arguments from environment
bitbake: hashserv: Abstract database
bitbake: hashserv: Add SQLalchemy backend
bitbake: hashserv: Implement read-only version of "report" RPC
bitbake: asyncrpc: Add InvokeError
bitbake: asyncrpc: client: Prevent double closing of loop
bitbake: asyncrpc: client: Add disconnect API
bitbake: hashserv: Add user permissions
bitbake: hashserv: Add become-user API
bitbake: hashserv: Add db-usage API
bitbake: hashserv: Add database column query API
bitbake: hashserv: test: Add bitbake-hashclient tests
bitbake: bitbake-hashclient: Output stats in JSON format
bitbake: bitbake-hashserver: Allow anonymous permissions to be space separated
bitbake: hashserv: tests: Allow authentication for external server tests
bitbake: hashserv: Allow self-service deletion
bitbake: hashserv: server: Add owner if user is logged in
bitbake: asyncrpc: Add option to set log level when running as a process
Julien Stephan (10):
oeqa/selftest/devtool: abort if a local workspace already exist
oeqa/selftest/devtool: remove spaces on empty line
recipetool/create_buildsys_python: fix license note
recipetool/create_buildsys_python: prefix created recipes with python3-
recipetool/create_buildsys_python: refactor code for futur PEP517 addition
recipetool/create_buildsys_python: add PEP517 support
oeqa/selftest/recipetool: add selftest for PEP-517 recipe creation
oeqa/selftest/devtool: fix test_devtool_modify_overrides test
bitbake: bitbake: utils: remove spaces on empty lines
bitbake: fetch2: git: add missing destsuffix and subpath parameters in docstrings
Jérémy Rosen (5):
insane: Add unimplemented-ptest infrastructure
insane: Detect python and perl based tests
insane: Detect build-system test harnesses
insane: Add a naive heuristic to detect test subdirectories
ref-manual: Add documentation for the unimplemented-ptest QA warning
Jörg Sommer (3):
libtirpc: Support ipv6 in DISTRO_FEATURES
base-files: Remove localhost ::1 from hosts if ipv6 missing
package_qa_check_rdepends: Allow /usr/bin/sh if usrmerge
Khem Raj (23):
gcompat: Add fcntl64 wrapper
gcompat: Upgrade to 1.1.0 release
python3-urllib3: Update to 2.0.6
llvm: Upgrade to 17.0.3
shared-mime-info: Fix missing sentinel warning
openssl: Match target name for riscv64/riscv32
openssl: Inherit riscv32 config from latomic config on linux
kernel.bbclass: Use strip utility used for kernel build in do_package
python3-urllib3: Upgrade to 2.0.7
qemuriscv: Add to common MACHINE_FEATURES instead of overriding them
meson: Add check for riscv64 in link template
machine-sdk: Add SDK_ARCH for riscv64
uninative.bbclass: Add ldso information for riscv64
rust-cross-canadian: Add riscv64 to cross-canadian hosts
cdrtools: Fix build on riscv64
llvm: Upgrade to 17.0.4 release
systemd: Make libnss-mymachines conditional upon packageconfig
ptest-packagelists: Remove strace/valgrind/lttng-tools on riscv32
libarchive: Add packageconfig knob for libb2
librsvg: Fix build for riscv32
librsvg: Enable 64bit atomics in crossbeam again for riscv32
libsoup: Upgrade to 3.4.2 -> 3.4.4
llvm: Upgrade to 17.0.5
Lee Chee Yang (6):
qemu: ignore RHEL specific CVE-2023-2680
machine: drop obsolete SERIAL_CONSOLES_CHECK
documentation.conf: drop SERIAL_CONSOLES_CHECK
release-notes-4.3: add Repositories / Downloads section
migration-guide: add release notes for 4.0.14
migration-guide: add release notes for 4.2.4
Logan Gunthorpe (1):
runqemu: Add squashfs filesystem types
Lukas Funke (5):
classes: go-vendor: Add go-vendor class
selftest: recipetool: Add test for go recipe handler
recipetool: Ignore *.go files while scanning for licenses
recipetool: Add handler to create go recipes
udev-extraconf: mount.sh: check if filesystem is supported before mounting
Malte Schmidt (3):
systemd: use nonarch libdir for tmpfiles.d
pam: use nonarch libdir for tmpfiles.d
sysstat: use nonarch libdir for tmpfiles.d
Marcus Folkesson (1):
qemuboot.bbclass: fix typos in documentation
Markus Fuchs (1):
systemd: Add 'no-ntp-fallback' PACKAGECONFIG option
Markus Volk (6):
libcroco: drop recipe
gnomebase.bbclass: Use meson as default buildsystem
ghostscript: Build and install shared lib
cups: Upgrade 2.4.6 -> 2.4.7
gtk: Add rdepend on printbackend for cups
ffmpeg: Upgrade 6.0 -> 6.1
Marlon Rodriguez Garcia (6):
bitbake: toaster: updated bootstrap version 3.3.6 -> 3.3.7
bitbake: toaster: Update bootstrap version to 3.4.1
bitbake: toaster: update jquery version 2.0.3 -> 3.7.1
bitbake: toaster: fixed functional test
bitbake: toaster: add tox.ini file to execute test suite
bitbake: toaster: replace deprecated tags ifequal and ifnotequal
Marta Rybczynska (6):
SECURITY.md: add file
bitbake: SECURITY.md: add file
dev-manual: add security team processes
python3-beartype: upgrade 0.16.2 -> 0.16.4
python3-spdx-tools: upgrade 0.8.1 -> 0.8.2
dev-manual: extend the description of CVE patch preparation
Martin Jansa (13):
staging.bbclass: process installed dependencies in deterministic order as well
bitbake.conf: drop ${PE} and ${PR} from -f{file,macro,debug}-prefix-map
ovmf: drop PE, PR from /usr/src/debug paths
go-cross-canadian.inc: drop PE, PR from /usr/src/debug paths
acpica: drop PE, PR from /usr/src/debug paths
libjpeg-turbo: drop PE, PR from /usr/src/debug paths
ffmpeg: drop PE, PR from /usr/src/debug paths
perf: drop PE, PR from /usr/src/debug paths
rust: drop PE, PR from /usr/src/debug paths
vulkan-samples: drop PE, PR from /usr/src/debug paths
valgrind: drop PE, PR from /usr/src/debug paths
python3-cython: drop PE, PR from /usr/src/debug paths
igt-gpu-tools: drop PR from /usr/src/debug paths
Massimiliano Minella (1):
systemd: update LICENSE statement
Max Krummenacher (2):
Revert "bin_package.bbclass: Inhibit the default dependencies"
perf: fix build with latest kernel
Meenali Gupta (5):
avahi: fix CVE-2023-38469
avahi: fix CVE-2023-38470
avahi: fix CVE-2023-38471
avahi: fix CVE-2023-38472
avahi: fix CVE-2023-38473
Michael Halstead (1):
docs: add support for nanbield (4.3) release
Michael Opdenacker (29):
manuals: update linux-yocto append examples
dev-manual: wic: update "wic list images" output
sdk-manual: appendix-obtain: improve and update descriptions
manuals: update list of supported machines
bsp-guide: bsp: skip Intel machines no longer supported in Poky
brief-yoctoprojectqs: use new CDN mirror for sstate
dev-manual: start.rst: remove obsolete reference
local.conf.sample: remove mips edgerouter machine
oeqa/runtime/cases/parselogs: remove "edgerouter" case
manuals: correct "yocto-linux" by "linux-yocto"
test-manual: reproducible-builds: stop mentioning LTO bug
ref-manual: document KERNEL_LOCALVERSION
ref-manual: variables: document OEQA_REPRODUCIBLE_TEST_PACKAGE
migration-guides: updates for 4.3
migration-guides: mention runqemu change in serial port management
ref-manual: document KERNEL_STRIP
migration-guides: further updates for 4.3
manuals: improve description of CVE_STATUS and CVE_STATUS_GROUPS
ref-manual: document MESON_TARGET
ref-manual: document cargo_c class
ref-manual: variables: mention new CDN for SSTATE_MIRRORS
ref-manual: variables: add RECIPE_MAINTAINER
ref-manual: variables: remove SERIAL_CONSOLES_CHECK
migration-guides: further updates for release 4.3
bsp-guide: bsp.rst: update beaglebone example
ref-manual: classes: explain cml1 class name
migration-guides: fix empty sections
manuals: fix URL
ref-manual: releases.svg: update nanbield release status
Mickael RAMILISON (1):
scripts/patchreview: Add a custom pattern for finding recipe patches
Mingli Yu (2):
openssh: Add sshd.service
openssh: Don't hardcode the dir in sshd.service
Niko Mauno (6):
package_rpm: Fix some pycodestyle issues
package_rpm: Minor cosmetic and style fixes
package_rpm: Remove unused definitions
package_rpm: Allow compression mode override
image_types.bbclass: Use xz default compression preset level
ccache.conf: Remove obsolete configuration option
Paul Barker (1):
ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults
Paul Eggleton (12):
Remove references to apm in MACHINE_FEATURES
ref-manual: update SDK_NAME variable documentation
ref-manual: remove semicolons from *PROCESS_COMMAND variables
release-notes-4.3: fix some typos
release-notes-4.3: tweaks to existing text
release-notes-4.3: add CVEs, recipe upgrades, license changes, contributors
release-notes-4.3: remove the Distribution section
release-notes-4.3: move new classes to Rust section
release-notes-4.3: feature additions
migration-4.3: remove some unnecessary items
migration-4.3: adjustments to existing text
migration-4.3: additional migration items
Pavel Zhukov (1):
bitbake: tests/fetch.py: Add tests to cover multiple branch/name parameters
Peter Kjellerstedt (5):
bb-matrix-plot.sh: Show underscores correctly in labels
bitbake: command: Make parseRecipeFile() handle virtual recipes correctly
bitbake: cookerdata: Be consistent with what type bb_data represents
bitbake: cache: Simplify virtualfn2realfn()
oeqa/selftest/tinfoil: Add tests that parse virtual recipes
Peter Marko (1):
openssl: Upgrade 3.1.3 -> 3.1.4
Quentin Schulz (2):
recipes-rt: update README to match newer override syntax
ref-manual: variables: provide no-match example for COMPATIBLE_MACHINE
Ragesh Nair (1):
bitbake: fetch2/git: fix lfs fetch with destsuffix param
Randy MacLeod (2):
strace: backport fix for so_peerpidfd-test
strace: upgrade 6.5 -> 6.6
Rasmus Villemoes (3):
perf: lift TARGET_CC_ARCH modification out of security_flags.inc
valgrind: split helper scripts to separate packages, update dependencies
perf: add jevents PACKAGECONFIG item
Richard Purdie (34):
reproducible: Exclude rust for now again
linux/cve-exclusion6.1/6.5: Update to latest kernel point releases
oeqa/qemurunner: Drop newlines serial workaround
local.conf.sample: Document new CDN mirror for sstate
poky.conf: Bump version for 4.3 nanbield release
build-appliance-image: Update to master head revision
poky.conf: Update to post release versioning
base: Ensure recipes using mercurial-native have certificates
qemu: Upgrade 8.1.0 -> 8.1.2
oeqa/selftest: Drop machines support
sstate: Ensure sstate searches update file mtime
insane: Move unpack tests to do_recipe_qa
go-vendor: Minor style tweaks
package/package_write: Improve packagedata code location
debianutils: Fix warnings
bitbake: runqueue: Fix runall option for setscene tasks
bitbake: runqueue: Fix errors when using -S printdiff
oeqa/selftest/sstatetests: Fix intermitttent errors and improve performance
layer.conf: Switch layer to nanbield series only
libdnf: Fix arm arch mapping issues for qemuarmv5
linux/cve-exclusion6.1/6.5: Update to latest kernel point releases
bitbake: Revert "toaster: Bug-fix webdriver No parameter named options"
vim: Improve locale handling
selftest/reproducible: Allow packages exclusion via config
bitbake: runqueue: Move 'cantskip' into sqdata
bitbake: runqueue: Refactor StaleSetSceneTasks event out of build_scenequeue_data
bitbake: toaster/tox.ini: Add py 3.11 and 3.12
bitbake.conf: Drop oldincludedir
bitbake: cooker: Add support for BB_DEFAULT_EVENTLOG
bitbake: cooker: Avoid sideeffects for autorev from getAllKeysWithFlags
oeqa/selftest/sstatetests: Re-enable CDN tests
bitbake.conf: Log events by default using BB_DEFAULT_EVENTLOG
package_ipk: Fix Source: field variable dependency
Revert "binutils: Fix CVE-2022-47007"
Robert P. J. Day (2):
dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
profile-manual: aesthetic cleanups
Ross Burton (36):
man-db: add RRECOMMENDS on glibc-utils for iconv
man-db: remove inexplicable man_db.conf patch
patchtest: remove unused imports
patchtest: sort when reading patches from a directory
linux-yocto: update CVE exclusions
libxml2: ignore disputed CVE-2023-45322
zlib: ignore CVE-2023-45853
cve-check: sort the package list in the JSON report
cve-check: slightly more verbose warning when adding the same package twice
pixman: ignore CVE-2023-37769
scripts/patchreview: rework patch detection
scripts/contrib/patchreview: add commit and recipe count fields to JSON
scripts/contrib/patchreview: consolidate imports
scripts/contrib/patchreview: fix commit identification
cve-check: don't warn if a patch is remote
migration-guides: add debian 12 to newly supported distros
migration-guides: edgerouter machine removed
migration-guides: QEMU_USE_SLIRP variable removed
migration-guides: remove non-notable change
migration-guides: mention LLVM 17
migration-guides: mention CDN
migration-guides: add kernel notes
migration-guides: remove SERIAL_CONSOLES_CHECK
migration-guides: enabling SPDX only for Poky, not a global default
migration-guides: add testing notes
migration-guides: add utility notes
migration-guides: add BitBake changes
migration-guides: packaging changes
migration-guides: git recipes reword
poky-tiny: fix PACKAGE_EXCLUDE
Revert "xserver-xorg: Fix for CVE-2023-5574"
xwayland: upgrade to 23.2.2
lib/oe/patch: ensure os.chdir restoring always happens
oeqa/selftest/debuginfod: improve selftest
shared-mime-info: embed PV in the filename
rust-llvm: remove python3native dependency
Rouven Czerwinski (1):
glib-2.0: Remove unnecessary assignement
Sean Nyekjaer (3):
rust-cross-canadian: set CARGO_TARGET_<triple>_RUSTFLAGS
rust-cross-canadian: set CARGO_TARGET_<triple>_RUNNER for nativesdk
oeqa/sdk/rust: Add build and run test of rust binary with SDK host
Sergei Zhmylev (1):
classes: Move package RDEPENDS processing out of debian.bbclass
Siddharth Doshi (2):
vim: Upgrade 9.0.1894 -> 9.0.2009
vim: Upgrade 9.0.2009 -> 9.0.2048
Stefan Herbrechtsmeier (2):
glibc: use nonarch libdir for tmpfiles.d
classes: go-mod: do not pack go mod cache
Steve Sakoman (1):
vim: use upstream generated .po files
Stéphane Veyret (2):
volatile-binds: Allow creation of subdirectories
volatile-binds: Calculate the name of the /var/lib service
Thomas Perrot (1):
opensbi: Upgrade to 1.3.1 release
Thomas Wolber (1):
kea: drop unused directory
Tim Orling (9):
recipetool: add python_hatchling support
lsb-release: use https for UPSTREAM_CHECK_URI
bitbake: toaster: drop deprecated USE_L10N from settings
bitbake: toaster: use docs for BitBake link on landing page
bitbake: toaster: fix obsolete use of find_element_by_link_text
bitbake: toaster: test_create_new_project typos, whitespace
python3-hypothesis: upgrade 6.88.3 -> 6.89.0
python3-setuptools-scm: upgrade 7.1.0 -> 8.0.4
python3-poetry-core: upgrade 1.7.0 -> 1.8.1
Trevor Gamblin (30):
patchtest: improve test issue messages
patchtest: clean up test suite
patchtest/requirements.txt: update
patchtest: add supporting modules
patchtest: add scripts to oe-core
patchtest: set default repo and testdir targets
patchtest: update SPDX identifiers
patchtest/selftest: fix command arguments
patchtest: check for untracked changes
patchtest: test regardless of mergeability
patchtest: skip merge test if not targeting master
contributor-guide: add patchtest section
contributor-guide: clarify patchtest usage
patchtest: fix lic_files_chksum test regex
patchtest-send-results: improve subject line
patchtest: disable merge test
patchtest-send-results: check max line length, simplify responses
patchtest/selftest: add XSKIP, update test files
patchtest: simplify test directory structure
patchtest: reduce checksum test output length
patchtest: shorten test result outputs
patchtest-send-results: send results to submitter
patchtest-send-results: add In-Reply-To
patchtest: make pylint tests compatible with 3.x
patchtest: remove test for CVE tag in mbox
patchtest-send-results: fix sender parsing
patchtest: rework license checksum tests
python3-mako: upgrade 1.2.4 -> 1.3.0
python3-trove-classifiers: upgrade 2023.10.18 -> 2023.11.14
python3-numpy: upgrade 1.26.0 -> 1.26.2
Vijay Anusuri (1):
xserver-xorg: Fix for CVE-2023-5574
Vincent Davis Jr (1):
acpica: add nativesdk to BBCLASSEXTEND
Vyacheslav Yurkov (1):
lib/oe/path: Deploy files can start only with a dot
Wang Mingyu (79):
openssh: upgrade 9.4p1 -> 9.5p1
bluez5: upgrade 5.69 -> 5.70
btrfs-tools: upgrade 6.5.1 -> 6.5.2
createrepo-c: upgrade 1.0.0 -> 1.0.1
dhcpcd: upgrade 10.0.2 -> 10.0.3
ell: upgrade 0.58 -> 0.59
kmod: upgrade 30 -> 31
libcomps: upgrade 0.1.19 -> 0.1.20
libsdl2: upgrade 2.28.3 -> 2.28.4
libubootenv: upgrade 0.3.4 -> 0.3.5
ltp: upgrade 20230516 -> 20230929
libva: upgrade 2.19.0 -> 2.20.0
python3-git: upgrade 3.1.36 -> 3.1.37
python3-babel: upgrade 2.12.1 -> 2.13.0
python3-beartype: upgrade 0.15.0 -> 0.16.2
python3-cffi: upgrade 1.15.1 -> 1.16.0
python3-hypothesis: upgrade 6.86.2 -> 6.87.4
python3-iso8601: upgrade 2.0.0 -> 2.1.0
python3-markdown: upgrade 3.4.4 -> 3.5
python3-packaging: upgrade 23.1 -> 23.2
python3-pycairo: upgrade 1.24.0 -> 1.25.0
python3-ruamel-yaml: upgrade 0.17.32 -> 0.17.35
xkeyboard-config: upgrade 2.39 -> 2.40
python3-wcwidth: upgrade 0.2.6 -> 0.2.8
repo: upgrade 2.36.1 -> 2.37
shared-mime-info: upgrade 2.2 -> 2.3
sqlite3: upgrade 3.43.1 -> 3.43.2
stress-ng: upgrade 0.16.05 -> 0.17.00
base-passwd: upgrade 3.6.1 -> 3.6.2
createrepo-c: upgrade 1.0.1 -> 1.0.2
cronie: upgrade 1.6.1 -> 1.7.0
dhcpcd: upgrade 10.0.3 -> 10.0.4
enchant2: upgrade 2.6.1 -> 2.6.2
btrfs-tools: upgrade 6.5.2 -> 6.5.3
debianutils: upgrade 5.13 -> 5.14
gpgme: upgrade 1.22.0 -> 1.23.1
harfbuzz: upgrade 8.2.1 -> 8.2.2
libdnf: upgrade 0.71.0 -> 0.72.0
libical: upgrade 3.0.16 -> 3.0.17
libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
libnewt: upgrade 0.52.23 -> 0.52.24
libnsl2: upgrade 2.0.0 -> 2.0.1
lighttpd: upgrade 1.4.72 -> 1.4.73
msmtp: upgrade 1.8.24 -> 1.8.25
ghostscript: upgrade 10.02.0 -> 10.02.1
glib-2.0: upgrade 2.78.0 -> 2.78.1
python3-pyrsistent: upgrade 0.19.3 -> 0.20.0
python3-babel: upgrade 2.13.0 -> 2.13.1
python3-gitdb: upgrade 4.0.10 -> 4.0.11
python3-git: upgrade 3.1.37 -> 3.1.40
python3-hypothesis: upgrade 6.87.4 -> 6.88.1
python3-pip: upgrade 23.2.1 -> 23.3.1
python3-psutil: upgrade 5.9.5 -> 5.9.6
python3-pycairo: upgrade 1.25.0 -> 1.25.1
python3-pyopenssl: upgrade 23.2.0 -> 23.3.0
python3-pytest: upgrade 7.4.2 -> 7.4.3
python3-setuptools-rust: upgrade 1.7.0 -> 1.8.1
python3-testtools: upgrade 2.6.0 -> 2.7.0
python3-trove-classifiers: upgrade 2023.9.19 -> 2023.10.18
python3-wcwidth: upgrade 0.2.8 -> 0.2.9
python3-wheel: upgrade 0.41.2 -> 0.41.3
shaderc: upgrade 2023.6 -> 2023.7
xserver-xorg: upgrade 21.1.8 -> 21.1.9
python3-cryptography(-vectors): upgrade 41.0.4 -> 41.0.5
dhcpcd: upgrade 10.0.4 -> 10.0.5
diffoscope: upgrade 249 -> 251
git: upgrade 2.42.0 -> 2.42.1
iproute2: upgrade 6.5.0 -> 6.6.0
libsdl2: upgrade 2.28.4 -> 2.28.5
libsolv: upgrade 0.7.25 -> 0.7.26
libuv: upgrade 1.46.0 -> 1.47.0
bash: upgrade 5.2.15 -> 5.2.21
dnf: upgrade 4.17.0 -> 4.18.1
python3-hatch-vcs: upgrade 0.3.0 -> 0.4.0
python3-hypothesis: upgrade 6.88.1 -> 6.88.3
python3-pbr: upgrade 5.11.1 -> 6.0.0
python3-testtools: upgrade 2.7.0 -> 2.7.1
shared-mime-info: upgrade 2.3 -> 2.4
stress-ng: upgrade 0.17.00 -> 0.17.01
William A. Kennington III (1):
kernel: Commit without running hooks
William Lyu (2):
perl: fix intermittent test failure
openssl: improve handshake test error reporting
Xiangyu Chen (4):
linux-yocto: make sure the pahole-native available before do_kernel_configme
grub: Fix for CVE-2023-4692 and CVE-2023-4693
sudo: upgrade 1.9.14p3 -> 1.9.15p2
openssh: add systemd readiness notification support
Yoann Congal (4):
insane: skip unimplemented-ptest on S=WORKDIR recipes
insane: unimplemented-ptest: ignore source file errors
selftest/reproducible: Split a long line
meta-selftest/files: add xuser to static-passwd/-group
david d zuhn (1):
bitbake.conf: remove ${CCACHE} from FORTRAN compiler
luca fancellu (1):
oeqa/ssh: Handle SSHCall timeout error code
meta-arm: e914891eee..1dff3300fb:
Abdellatif El Khlifi (6):
arm-bsp/linux-yocto: corstone1000: bump to v6.5%
arm-bsp/documentation: corstone1000: enable debug-tweaks
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update the change log
arm-bsp/documentation: corstone1000: update the user guide
kas: corstone1000: pin the SHAs
Ali Can Ozaslan (1):
arm-bsp/documentation: corstone1000: Update the user guide
Debbie Martin (10):
arm-bsp/u-boot: Divide the U-boot configuration by machine
arm-bsp/fvp-base: Merge fvp-common.inc into fvp-base.conf
arm-bsp/trusted-firmware-a/fvp-base: Add stdout path and virtio net and rng
arm-bsp/u-boot/fvp-base: Configure FVP base U-boot machine and enable U-boot sysreset, CRC-32 and virtio RNG
arm-bsp/fvp-base: Configure grub as the EFI provider
arm/fvp-base: Update the default testsuites
arm-systemready: Introduce the Arm SystemReady layer
arm-bsp/systemready: Bring up the Arm SystemReady IR ACS 2.0 suite on FVP base
kas: Add kas configuration for Arm SystemReady and fvp-base
ci: Add fvpboot to IMAGE_CLASSES
Delane Brandy (1):
arm-bsp/documentation: corstone1000: Update the user guide
Drew Reed (2):
arm-bsp: Enable TF-A test building for the N1SDP
CI: Enable TF-A TFTF test builds
Emekcan Aras (17):
arm-bsp/u-boot: corstone1000: enable on-disk capsule update
arm-bsp/u-boot: corstone1000: fix runtime capsule update flag checks
arm-bsp/trusted-firmware-m: fix capsule update alignment
arm-bsp/trusted-firmware-m: update the upstream status of the out-of-tree patches
arm-bsp/u-boot: corstone1000: scatter gather list workaround for ondisk capsule update
arm-bsp/trusted-services: enable signaled handling interrupts for SPs
arm-bsp/corstone1000: fix synchronization issue on openamp notification
arm/fvp-corstone1000: upgrade to 11.23_25
arm-bsp/corstone1000-fvp: Add virtio-net configuration
arm-bsp/corstone1000-fvp: add unpadded image support for MMC card config
arm-bsp/corstone1000-fvp: Disable Time Annotation
arm-bsp/u-boot: corstone1000: enable virtio-net support for FVP
arm-bsp/documentation: corstone1000: update the architecture document
arm-bsp/documentation: corstone1000: Add EFI system partition section
arm-bsp/documentation: corstone1000: add a note and fix instructions
arm-bsp/documentation: corstone1000: add readthedocs.yaml file
arm-bsp/documentation: corstone1000: fix the requirements.txt and conf.py path
Harsimran Singh Tungal (4):
arm-bsp/u-boot: corstone1000: Remove External system patches
arm-bsp/linux: corstone1000: update the defconfig
arm-bsp/linux: corstone1000: Remove External system patches
arm-bsp/images: corstone1000: Remove the external system test package
Javier Tia (1):
trusted-firmware-a: fix build error when using ccache
Jon Mason (10):
arm-bsp/linux-yocto: add recipe for v6.4 kernel
arm/linux-yocto: remove defconfig patch
CI: add sbsa-acs to recipe report
arm/linux-yocto: remove PHYS_VIRT config frag
arm-bsp/optee: remove 3.18 recipes and patches
arm-bsp/edk2: remove 202211
arm/hafnium: update to v2.9
arm/optee: update to 4.0.0
arm/optee: cleanups from code review
arm/toolchains: update to 13.2.Rel1
Mariam Elshakfy (3):
arm-bsp/n1sdp: Move OP-TEE to DDR4
arm-bsp/n1sdp: Enable OP-TEE cache in N1SDP
arm-bsp/corstone1000: Remove inappropriate kernel delay patch
Ross Burton (24):
arm/oeqa/selftest: tag all tests with "meta-arm"
CI: don't hardcode the selftest tests to run
CI: also run the _qemutiny testcase for poky-tiny
CI: track nanbield branches
arm/fvp-corstone1000: upgrade to 11.22.35, add aarch64 binaries
kas/corstone1000: don't limit the FVP use to x86-64
CI: don't pin corstone1000-fvp to x86-64
CI: build both aarch64 and x86-64 packages for as many FVPs as possible
arm-bsp/u-boot: remove 2023.01
arm/trusted-firmware-a: update mbedtls to recommended release
CI: Add meta-secure-core to pending-upgrades for corstone1000
arm-bsp: corstone1000 depends on meta-efi-secure-boot
arm/generic-arm64: remove obsolete SERIAL_CONSOLES_CHECK
arm/lib/fvp/runner: don't pass '' as cwd
scripts/runfvp: exit code should be the FVP exit code
arm/selftest: add test that DISPLAY is forwarded into the runfvp child
CI: use nanbield branch for meta-virtualization
CI: use nanbield branch of meta-clang
arm/optee: handle CVE-2021-36133 as disputed
arm-bsp/optee-os: backport fix for CVE-2023-41325
arm/fvp-base-a-aem: upgrade to 11.23.9
arm-bsp/fvp-base: upgrade tune to v8.4
arm-bsp/trusted-firmware-a: use v8.4 instructions on fvp-base
arm-bsp/optee-os: update Upstream-Status tags
Vikas Katariya (1):
arm-bsp/corstone1000: Fix RSA key generation issue
Xueliang Zhong (2):
Update Corstone-1000 doc with security issue reporting guideline
arm-bsp/n1sdp: update to linux yocto kernel 6.5
meta-raspberrypi: 482d864b8f..8231f97534:
Andrei Gherzan (1):
docs: Fix ReadTheDocs builds.os requirement
Carlos Alberto Lopez Perez (1):
linux-raspberrypi: stop setting powersave as the default CPU governor
Jose Quaresma (2):
linux-raspberrypi/linux-raspberrypi-v7: drop 5.10 version
rpi-base: Adds EXTRA_IMAGEDEPENDS to fix the image task do_populate_lic_deploy
Khem Raj (1):
linux-raspberrypi_6.1.bb: Update to 6.1.61 release
Leon Anavi (2):
rpi-config: Upgrade to tip of tree
rpi-config: reintroduce start_x
Matthew Draws (1):
rpi-eeprom: Update to 2023.10.18-2712
Vincent Davis Jr (1):
rpidistro-vlc: add new patch po-Fix-typos-in-oc
meta-openembedded: 62039a2c33..991e6852a5:
Akash Hadke (1):
libeigen: Update GPL-3.0-only to GPL-2.0-only
Alex Kiernan (2):
reptyr: Add 0.10.0
mdns: Upgrade 2200.0.8 -> 2200.40.37.0.1
Alper Ak (1):
unionfs-fuse: upgrade 2.2 --> 3.4
Andrew Jeffery (1):
mdio-tools: Add virtual/kernel dependency to avoid stale SPDX reference
Armin Kuster (4):
netkit: Drop old and no upstream
MAINTANERS: drop netkit
README: drop netkit maintainer
pkggrp: drop netkit
Arthur Oliveira (5):
python3-objectpath: Add ObjectPath Python Recipe
python3-flask-restx: Add Flask-RestX Python Recipe
python3-zopeevent: Add Zope.Event Python Recipe
python3-aniso8601: Add ISO 8601 parsing library
python3-flask-restx: Switch dependency from isodate to aniso8601
Bartosz Golaszewski (5):
shunit2: new recipe
libgpiod: update to v2.1
python3-gpiod: update to v2.1.3
python3-gpiod: setup target config in ptest compile
python3-gpiod: fix the required version of libgpiod
Beniamin Sandu (2):
mbedtls: upgrade 3.4.1 -> 3.5.0
unbound: upgrade 1.18.0 -> 1.19.0
Benjamin Bouvier (1):
libsmi: enable native build
Carlos Alberto Lopez Perez (1):
libbacktrace: Update version and enable shared library.
Charles Perry (4):
libosip2: add recipe
libexosip2: add recipe
libexosip2: add c-ares and openssl PACKAGECONFIG
libexosip2: package binaries in a separate package
Chi Xu (1):
re2: Add ptest support
Christian Eggers (1):
python3-gcovr: switch to main branch
Christophe Vu-Brugier (1):
exfatprogs: upgrade 1.2.1 -> 1.2.2
Clément Péron (2):
proj: Upgrade to 9.3.0 release
pcapplusplus: Add recipe for 23.09 release
Daiane Angolini (1):
wireguard-tools: Use PACKAGECONFIG to select wg-quick and bash-completion
Daniel McGregor (1):
python3-pylint: allow native build
Daniel Semkowicz (2):
cockpit: Fix cockpit-askpass path
cockpit: Bump to version 304
David Pierret (3):
libtext: add ptest
cjson: Add ptest
python3-rapidjson: add missing ptest dependency
Edi Feschiyan (1):
libbytesize: update SRC_URI
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.21 -> 0.0.22
Fabien Thomas (2):
klibc/klibc.inc : Add DEBUG_PREFIX_MAP flag.
samba.bb : Disable ad-dc by default
Fabio Estevam (5):
edid-decode: Upgrade to latest master
openocd: Use https for github
python3-piccata: Use https for github
multipath-tools: Use https for github
crucible: Upgrade to 2023.11.02
Gianfranco Costamagna (3):
vbxguestdrivers: upgrade 7.0.10 -> 7.0.12
cpulimit: add DESCRIPTION field
dlt-daemon: cherry-pick another upstream-proposed patch
Hains van den Bosch (1):
libebml: Enable shared libraries
Jamin Lin (1):
Brotli: fix build failed if the path includes "-static"
Jan Claußen (1):
btop: Add recipe
Jan Vermaete (3):
netdata: chown in systemd service with ':' iso '.'
netdata: version bump 1.43.0 -> 1.43.2
README.md: was a Markdown paragraph and should be a list
Jeffrey Pautler (1):
apache2: add vendor to product name used for CVE checking
Joe Slater (2):
python3-pynacl: add RCONFLICTS with python3-nacl
python3-django: move to version 4.2.5
Johannes Kauffmann (1):
open62541: update to v1.3.8
Johnathan Mantey (1):
ipmitool: Update and eliminate unneeded patch
Jonas Gorski (1):
frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
Jose Quaresma (4):
ostree: Upgrade 2023.5 -> 2023.6
ostree: drop trivial-httpd-cmdline
ostree: add ed25519-openssl
ostree: Upgrade 2023.6 -> 2023.7
Kai Kang (4):
xfce4-panel-profiles: 1.0.13 -> 1.0.14
python3-nacl: drop duplicate recipe
python3-blivet: 3.4.3 -> 3.8.2
python3-blivetgui: 2.3.0 -> 2.4.2
Khem Raj (209):
libnet-idn-encode: Fix build with perl 2.38 and gcc13
poco: Fix data race when create POSIX thread
static-group: Match nogroup id to base-passwd from core.
gutenprint: Upgrade to 5.3.4
meta-perl: Add libtext-diff-perl to fast ptest list
leveldb: Upgrade to 1.23 plus latest git
meta-python: Add python3-rapidjson to PTESTS_FAST_META_PYTHON
leveldb: Print uint64_t with PRI64
network-manager-applet,networkmanager-openvpn, networkmanager: Apply linker versioning patch when using lld only
emlog: Add PV
ccid: upgrade 1.5.2 -> 1.5.4
jack: upgrade 1.19.22 -> 2
abseil-cpp: upgrade 20230802.0 -> 20230802.1
xterm: upgrade 387 -> 388
toybox: upgrade 0.8.8 -> 0.8.10
pahole: upgrade 1.24 -> 1.25
gcab: upgrade 1.4 -> 1.6
feh: upgrade 3.10 -> 3.10.1
xmlsec1: upgrade 1.2.37 -> 1.3.2
xmlsec1: Fix the key name in verify2 test
ctags: upgrade 6.0.20231001.0 -> 6.0.20231029.0
googlebenchmark: upgrade 1.8.0 -> 1.8.3
opencl-headers: upgrade 04.17 -> 2023.04.17
thingsboard-gateway: upgrade 3.4.1 -> 3.4.2
neatvnc: upgrade 0.6.0 -> 0.7.0
lastlog2: upgrade 1.1.0 -> 1.2.0
libmbim: upgrade 1.30.0 -> 1.31.1
ser2net: upgrade 4.3.13 -> 4.5.0
fio: upgrade 3.32 -> 2022
libosinfo: upgrade 1.10 -> 1.11.0
webkitgtk3: upgrade 2.42.0 -> 2.42.1
mstpd: upgrade 0.1 -> 0.05
smarty: upgrade 4.3.0 -> 4.3.4
geos: upgrade 3.12.0 -> 3.12.0beta2
wtmpdb: upgrade 0.7.1 -> 0.9.3
lsscsi: upgrade 0.32 -> 030
glibmm-2.68: upgrade 2.74.0 -> 2.78.0
mcelog: upgrade 194 -> 196
libfastjson: upgrade 0.99.9 -> 1.2304.0
libraw: upgrade 0.20.2 -> 0.21.1
cairomm-1.16: upgrade 1.16.2 -> 1.18.0
libbpf: upgrade 1.2.0 -> 1.2.2
libtorrent: upgrade 0.13.8 -> 1
modemmanager: upgrade 1.22.0 -> 1.23.1
c-ares: upgrade 1.20.1 -> 1.21.0
pmdk: upgrade 1.12.1 -> 2.0.0
hwdata: upgrade 0.370 -> 0.375
mksh: upgrade 59 -> R59c
sdbus-c++: upgrade 1.3.0 -> 1.4.0
cjson: upgrade 1.7.15 -> 1.7.16
uftrace: upgrade 0.13.1 -> 0.14
python3-trustme: upgrade 0.9.0 -> 1.1.0
python3-eth-utils: upgrade 2.2.2 -> 2.3.0
python3-xstatic-font-awesome: upgrade 4.7.0.0 -> 6.2.1.1
python3-process-tests: upgrade 2.1.2 -> 3.0.0
python3-pyperf: upgrade 2.6.1 -> 2.6.2
python3-sentry-sdk: upgrade 1.26.0 -> 1.34.0
python3-websockets: upgrade 11.0.3 -> 12.0
python3-alembic: upgrade 1.12.0 -> 1.12.1
python3-pymisp: upgrade 2.4.176 -> 2.4.178
python3-traitlets: upgrade 5.11.2 -> 5.13.0
python3-pytest-mock: upgrade 3.11.1 -> 3.12.0
python3-kivy: upgrade 2.1.0 -> 2.2.1
python3-web3: upgrade 6.11.1 -> 6.11.2
python3-m2crypto: upgrade 0.39.0 -> 0.40.1
python3-rapidjson: upgrade 1.12 -> 1.13
python3-eth-typing: upgrade 3.5.0 -> 3.5.1
python3-email-validator: upgrade 2.0.0 -> 2.1.0
python3-icu: upgrade 2.11 -> 2.12
python3-virtualenv: upgrade 20.24.5 -> 20.24.6
python3-tzlocal: upgrade 5.1 -> 5.2
python3-cantools: upgrade 39.2.0 -> 39.3.0
python3-flask-login: upgrade 0.6.2 -> 0.6.3
python3-argcomplete: upgrade 3.1.2 -> 3.1.4
python3-wxgtk4: upgrade 4.2.0 -> 4.2.1
python3-meson-python: upgrade 0.14.0 -> 0.15.0
python3-pymongo: upgrade 4.5.0 -> 4.6.0
python3-imgtool: upgrade 1.10.0 -> 2.0.0
python3-google-api-python-client: upgrade 2.104.0 -> 2.106.0
python3-tornado: upgrade 6.3 -> 6.3.3
python3-imageio: upgrade 2.31.5 -> 2.31.6
python3-blinker: upgrade 1.6.3 -> 1.7.0
python3-pyhamcrest: upgrade 2.0.4 -> 2.1.0
python3-pytest-asyncio: upgrade 0.21.1 -> 0.22.0
python3-pyjwt: upgrade 2.7.0 -> 2.8.0
python3-bitstruct: upgrade 8.18.0 -> 8.19.0
python3-filelock: upgrade 3.12.4 -> 3.13.1
python3-sqlalchemy: upgrade 2.0.22 -> 2.0.23
python3-greenlet: upgrade 2.0.2 -> 3.0.1
python3-charset-normalizer: upgrade 3.3.0 -> 3.3.2
python3-cbor2: upgrade 5.4.6 -> 5.5.1
python3-cbor2: Add missing hypothesis rdep for ptests
python3-asttokens: upgrade 2.4.0 -> 2.4.1
python3-xlsxwriter: upgrade 3.1.8 -> 3.1.9
python3-cachetools: upgrade 5.3.1 -> 5.3.2
python3-paramiko: upgrade 3.2.0 -> 3.3.1
python3-tomlkit: upgrade 0.12.1 -> 0.12.2
python3-eth-account: upgrade 0.9.0 -> 0.10.0
python3-reedsolo: upgrade 1.7.0 -> 2.0.13
python3-shellingham: upgrade 1.5.3 -> 1.5.4
python3-ipython: upgrade 8.16.1 -> 8.17.2
python3-argh: upgrade 0.29.4 -> 0.30.3
python3-executing: upgrade 2.0.0 -> 2.0.1
python3-pylint: upgrade 3.0.1 -> 3.0.2
python3-google-auth: upgrade 2.23.3 -> 2.23.4
libtest-harness-perl: upgrade 3.47 -> 3.48
libmodule-build-tiny-perl: upgrade 0.046 -> 0.047
libdbd-sqlite-perl: upgrade 1.72 -> 1.74
libconfig-tiny-perl: upgrade 2.29 -> 2.30
libcgi-perl: upgrade 4.57 -> 4.60
ipset: upgrade 7.15 -> 7.19
openvpn: upgrade 2.6.3 -> 2.6.6
nng: upgrade 1.5.2 -> 12
usrsctp: upgrade to latest revision
python3-scapy: upgrade to latest revision
wolfssl: upgrade 5.5.4 -> 5.6.4
tnftp: upgrade 20210827 -> 20230507
fluidsynth: upgrade 2.3.2 -> 2.3.4
libuvc: upgrade 0.0.6 -> 0.0.7
libdc1394: upgrade 2.2.6 -> 2.2.7
ncmpc: upgrade 0.47 -> 0.49
gerbera: upgrade 1.11.0 -> 1.12.1
gst-shark: upgrade 0.7.3.1 -> 0.8.1
gupnp-av: upgrade 0.14.0 -> 0.14.1
libmediaart-2.0: upgrade 1.9.5 -> 1.9.6
libdvbpsi: upgrade 1.3.0 -> 1.3.3
fdk-aac: upgrade 2.0.1 -> 2.0.2
libavif: upgrade 0.11.1 -> 1.0.1
libdvdcss: upgrade 1.4.2 -> 1.4.3
aom: upgrade 3.6.1 -> 3.7.0
aom: Disable neon when building on arm
dav1d: upgrade 1.2.0 -> 1.3.0
network-manager-applet: upgrade 1.32.0 -> 1.34.0
gvfs: upgrade 1.52.0 -> 1.52.1
gnome-text-editor: upgrade 45.0 -> 45.1
libwacom: upgrade 2.6.0 -> 2.8.0
evolution-data-server: upgrade 3.50.0 -> 3.50.1
orage: upgrade 4.16.0 -> 4.18.0
xfce4-systemload-plugin: upgrade 1.3.1 -> 1.3.2
xfce4-screenshooter: upgrade 1.10.3 -> 1.10.4
xfce4-appfinder: upgrade 4.18.0 -> 4.19.1
xfce4-netload-plugin: upgrade 1.4.0 -> 1.4.1
thunar-shares-plugin: upgrade 0.3.1 -> 0.3.2
xfce4-battery-plugin: upgrade 1.1.4 -> 1.1.5
xfce4-places-plugin: upgrade 1.8.1 -> 1.8.3
libxfce4util: upgrade 4.18.1 -> 4.19.2
xfce4-notes-plugin: upgrade 1.9.0 -> 1.10.0
xfce4-weather-plugin: upgrade 0.11.0 -> 0.11.1
thunar: upgrade 4.18.4 -> 4.19.0
catfish: upgrade 4.16.3 -> 4.18.0
xfce4-time-out-plugin: upgrade 1.1.2 -> 1.1.3
thunar-archive-plugin: upgrade 0.5.1 -> 0.5.2
xfce4-timer-plugin: upgrade 1.7.1 -> 1.7.2
xfce4-calculator-plugin: upgrade 0.7.1 -> 0.7.2
xfmpc: upgrade 0.3.0 -> 0.3.1
garcon: upgrade 4.18.1 -> 4.19.0
xfce4-genmon-plugin: upgrade 4.1.1 -> 4.2.0
xfce4-fsguard-plugin: upgrade 1.1.2 -> 1.1.3
xfce4-cpugraph-plugin: upgrade 1.2.7 -> 1.2.8
parole: upgrade 4.16.0 -> 4.18.0
xfce4-datetime-plugin: upgrade 0.8.1 -> 0.8.3
menulibre: upgrade 2.2.3 -> 2.3.2
xfce4-pulseaudio-plugin: upgrade 0.4.3 -> 0.4.8
libxfce4ui: upgrade 4.18.3 -> 4.19.3
xfce4-taskmanager: upgrade 1.5.5 -> 1.5.6
xfce4-mpc-plugin: upgrade 0.5.2 -> 0.5.3
mousepad: upgrade 0.5.9 -> 0.6.1
gigolo: upgrade 0.5.2 -> 0.5.3
xfce4-verve-plugin: upgrade 2.0.1 -> 2.0.3
exo: upgrade 4.18.0 -> 4.19.0
xfce4-mailwatch-plugin: upgrade 1.3.0 -> 1.3.1
xarchiver: upgrade 0.5.4.17 -> 0.5.4.21
xfsprogs: upgrade 6.1.1 -> 6.5.0
xfstests: upgrade 2023.03.05 -> 2023.10.29
xfstests: Fix build with clang17
xfstests: Fix build on musl
ufs-utils: upgrade to latest revision
xfce4-systemload-plugin: Fix build on 32bit machines
libsodium: upgrade 1.0.18 -> 1.0.19
libsodium: Fix build with clang on aarch64
Revert "modemmanager: upgrade 1.22.0 -> 1.23.1"
modemmanager: inherit upstream-version-is-even
Revert "geos: upgrade 3.12.0 -> 3.12.0beta2"
emlog: Drop SRCPV
makedumpfile: Change COMPATIBLE_HOST check to exclude unsupported arches
packagegroup-meta-oe: Update makedumpfile architecture support list
gupnp: Add missing rdep on python3-core
vte9: Upgrade to 0.74.1
rygel: Upgrade to 0.40.4 -> 0.42.4
vte9: Add knob for enabling systemd
meta-networking: Use autotools make system
meta-oe: Use autotools make system
toscoterm: Skip recipe, slated for removal
loudmouth: Upgrade to 1.5.4
toscoterm: Delete recipe
librest: Use autotools make system
cannelloni: Fix build with clang and libc++ runtime
gnome-console: Add missing dependency on gtk4-native
gnome-terminal: Add missing dependency on libhandy
dleyna-core: Update to tip of master
dleyna: Skip all dleyna recipes, slated for removal
packagegroup-meta-multimedia: Remove dleyna recipes
beep: Upgrade to 1.4.12
yelp: Use autotools for build system
gstd: Upgrade to 0.15.0
gimp: Update to 2.10.36
projucer: Refresh patch to apply cleanly
ledmon: Fix systemd unit install
libxml++-5.0: Make use of gnomebase bbclass
LI Qingwu (1):
kmsxx: Add recipe
Lei Maohui (1):
gexiv2: Fix do_package QA issue when usrmerge enabled.
Leon Anavi (32):
sip: upgrade 6.7.11 -> 6.7.12
python3-rarfile: add recipe
python3-colorclass: add recipe
python3-inflate64: add recipe
python3-jsbeautifier: add recipe
python3-pymemcache: add recipe
python3-multivolumefile: add recipe
python3-oletools: add recipe
python3-olefile: add recipe
python3-pcodedmp: add recipe
python3-screeninfo: add recipe
python3-unoconv: add recipe
python3-pybcj: add recipe
python3-pyppmd: add recipe
python3-py7zr: add recipe
python3-wand: add recipe
python3-pdm-backend: add recipe
python3-pdm: add recipe
python3-jsonref: Upgrade 1.0.1 -> 1.1.0
imlib2: Upgrade 1.7.1 -> 1.12.1
libblockdev: Upgrade 3.0.3 -> 3.0.4
exiftool: add recipe
bindfs: add recipe
qpdf: Update 10.6.3 -> 11.6.3
python3-file-magic: add recipe
python3-wrapt: Upgrade 1.15.0 -> 1.16.0
python3-bitarray: Upgrade 2.8.2 -> 2.8.3
python3-pillow: Upgrade 10.0.1 -> 10.1.0
python3-polyline: upgrade 1.4.0 -> 2.0.1
python3-py7zr: Upgrade 0.20.7 -> 0.20.8
python3-zeroconf: upgrade 0.120.0 -> 0.126.0
python3-pystemd: upgrade 0.10.0 -> 0.13.2
Luca Fancellu (5):
linuxptp: update linuxptp recipe to 4.1
linuxptp: install default configuration file in sysconfdir
linuxptp: add systemd services
linuxptp: Drop unneeded downstream patches
linuxptp: Use templates for the systemd services
Marek Vasut (2):
lvgl: lv-drivers: Allow empty package
lvgl: Allow empty package
Markus Fuchs (1):
remove unused AUTHOR variable
Markus Volk (52):
libdecor: Upgrade 0.1.99 -> 0.2.0
wireplumber: Upgrade 0.4.14 -> 0.4.15
pipewire: Update 0.3.81 -> 0.3.83
gnome-software: Update 45.0 -> 45.1
gnome-calendar: Update 45.0 -> 45.1
gnome-disk-utility: Update 44.0 -> 45.0
gnome-control-center: Update 45.0 -> 45.1
eog: Update 45.0 -> 45.1
gnome-remote-desktop: Update 45.0 -> 45.1
gnome-shell: Add missing dependency on pipewire
gnome-shell: Remove deprecated libcroco dependency
openbox: Drop deprecated libcroco dependency
pipewire: Update 0.3.83 -> 0.3.84
tracker-miners: Upgrade 3.6.0 -> 3.6.2
libgweather4: Upgrade 4.2.0 -> 4.4.0
gtksourceview5: Upgrade 5.7.1 -> 5.10.0
openal-soft: Upgrade 1.20.1 -> 1.23.1
gnome-shell: Upgrade 45.0 -> 45.1
mutter: Upgrade 45.0 -> 45.1
dconf-editor: Upgrade 43 -> 45.0.1
libgsf: Upgrade 1.14.50 -> 1.14.51
xdg-desktop-portal: Upgrade 1.18.0 -> 1.18.1
xdg-desktop-portal-gtk: Upgrade 1.14.1 -> 1.15.1
rest: Upgrade 0.9.0 -> 0.9.1
nv-codec-headers: Upgrade 12.0.16.0 -> 12.1.14.0
webp-pixbuf-loader: Upgrade 0.2.4 -> 0.2.5
libchamplain: Upgrade 0.12.20 -> 0.12.21
rest: Add packageconfigs for examples and tests
gssdp: Fix build with api-documentation enabled
gupnp: Upgrade 0.10.2 -> 0.12.1
Gupnp-tools upgrade 0.10.2 -> 0.12.1
gupnp-idg: Upgrade 1.2.0 -> 1.6.0
gssdp: Upgrade 1.4.0.1 -> 1.6.3
ghex: Upgrade 3.18.4 -> 45.0
Adjust vala build according to changes in vala.bbclass
drop GNOMEBASEBUILDCLASS = "meson"
gnome-shell-extensions: Upgrade 44.1 -> 45.1
cups-filters: Fix for current gcc
gnome-console: Add recipe
vte9: Fix build with api-documentation enabled
gnome-terminal: Upgrade 3.48.1 -> 3.50.1
cups-filters: Upgrade 1.28.17 -> 2.0.0
gnome-terminal: Remove recommendation on vte-prompt
ghex: backport patch to fix build for clang
qpdf: cleanup
gtksourceview4: Upgrade 4.8.2 -> 4.8.4
gnome-control-center: Add rdepends
system-config-printer: Add cups to rdepends
pipewire: Upgrade 0.3.84 -> 0.3.85
flatpak: Upgrade 1.15.4 -> 1.15.6
flatpak: Add packageconfigs for man and docbook docs
musicpd: unbreak build with ffmpeg 6.1
Martin Jansa (12):
nodejs: update to latest v20 version 20.8.1
nodejs: Revert io_uring support from bundled libuv-1.46.0
opencv: refresh protobuf-v22 compatibility patch with backported version
leveldb: prevent installing gtest
android-tools: drop ${PE}, ${PR} from /usr/src/debug paths
minifi-cpp: drop ${PE}, ${PR} from /usr/src/debug paths
xmlrcp-c: drop ${PE}, ${PR} from /usr/src/debug paths
fluentbit: drop ${PE}, ${PR} from /usr/src/debug paths
ntpsec, net-snmp: drop ${PE}, ${PR} from /usr/src/debug paths
aom, x265: drop ${PE}, ${PR} from /usr/src/debug paths
python3-{h5py,pandas}: drop ${PE}, ${PR} from /usr/src/debug paths
evince, gnome-calendar, tracker: drop ${PE}, ${PR} from /usr/src/debug paths
Martin Maurer (1):
libqmi: Upgrade 1.32.4 -> 1.34.0
Matthias Klein (1):
paho-mqtt-c: upgrade 1.3.12 -> 1.3.13
Mingli Yu (3):
vboxguestdrivers: Remove the buildpath
nlohmann-json: Add ptest support
ptest-packagelists-meta-oe.inc: Add nlohmann-json
Peter Kjellerstedt (18):
libwebsockets: Support building for native
mosquitto: Support building for native again
jack: Revert to 1.9.22
pahole: Correct the version in the recipe file name
neatvnc: Specify the version in the recipe file name
mstpd: Update to 0.1.0+
Revert "libtorrent: upgrade 0.13.8 -> 1"
libtorrent: Add UPSTREAM_CHECK_GITTAGREGEX
mksh: Update to 59c properly
fluidsynth: Specify the version in the recipe file name
libuvc: Specify the version in the recipe file name
gst-shark: Update to 0.8.1 properly
xarchiver: Specify the version in the recipe file name
python3-kivy: Move a comment so it makes more sense
python3-greenlet: Avoid duplicate URI in SRC_URI
python3-pylint: Only set SRCREV once
python3-pytest-mock: Only set SRCREV once
zeromq: Update to 4.3.5
Peter Marko (1):
grpc: Upgrade 1.56.2 -> 1.59.2
Petr Gotthard (2):
libmbim: upgrade 1.28.4 -> 1.30.0
modemmanager: upgrade 1.20.6 -> 1.22.0
Poonam Jadhav (1):
sdbus-c++: Update ptest path
Potin Lai (2):
libplist: Upgrade to latest master
idevicerestore: Upgrade to latest master
Richard Purdie (4):
meta-python: Drop broken BBCLASSEXTEND variants
meta-oe: Drop broken BBCLASSEXTEND variants
meta-networking: Drop broken BBCLASSEXTEND variants
meta-perl: Drop broken BBCLASSEXTEND variants
Ross Burton (1):
yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
Sam Van Den Berge (1):
netdata: Upgrade 1.36.1 -> 1.43.0
Samuli Piippo (2):
abseil-cpp: fix mingw build
protobuf: stage protoc binary to sysroot
Thomas Gessler (1):
influxdb: Add start script used by systemd service
Tim Orling (2):
po4a: remove old recipe
debsums: remove old recipe
Trevor Gamblin (5):
python-git-pw: add from meta-patchtest
python3-py-cpuinfo: disable broken ptests
python3-arrow: add from meta-patchtest
python3-pytest-mock: disable broken ptests
meta-python: update ptests status for py-cpuinfo, pytest-mock
Wang Mingyu (149):
dnf-plugin-tui: create symlinks from /usr/ to /.
c-ares: upgrade 1.19.1 -> 1.20.1
adw-gtk3: upgrade 4.9 -> 5.1
ctags: upgrade 6.0.20230917.0 -> 6.0.20231001.0
dialog: upgrade 1.3-20230209 -> 1.3-20231002
freerdp: upgrade 2.11.1 -> 2.11.2
gnome-backgrounds: upgrade 44.0 -> 45.0
gnome-calculator: upgrade 45.0 -> 45.0.2
gnome-font-viewer: upgrade 44.0 -> 45.0
ipc-run: upgrade 20220807.0 -> 20231003.0
libbytesize: upgrade 2.9 -> 2.10
libcoap: upgrade 4.3.3 -> 4.3.4
libyang: upgrade 2.1.111 -> 2.1.128
lvgl: upgrade 8.3.9 -> 8.3.10
metacity: upgrade 3.46.1 -> 3.50.0
nautilus: upgrade 45.0 -> 45.1
ceres-solver: upgrade 2.1.0 -> 2.2.0
python3-eth-abi: upgrade 3.0.1 -> 4.2.1
python3-mypy: upgrade 1.5.1 -> 1.6.1
python3-pylint: upgrade 3.0.0 -> 3.0.1
python3-aiodns: upgrade 3.0.0 -> 3.1.1
python3-aiohttp: upgrade 3.8.5 -> 3.8.6
python3-astroid: upgrade 3.0.0 -> 3.0.1
python3-bitarray: upgrade 2.8.1 -> 2.8.2
python3-bitstruct: upgrade 8.17.0 -> 8.18.0
python3-blinker: upgrade 1.6.2 -> 1.6.3
python3-charset-normalizer: upgrade 3.2.0 -> 3.3.0
python3-cmake: upgrade 3.27.5 -> 3.27.7
python3-coverage: upgrade 7.3.1 -> 7.3.2
python3-croniter: upgrade 1.4.1 -> 2.0.1
python3-dbus-fast: upgrade 1.85.0 -> 2.12.0
python3-email-validator: upgrade 1.3.1 -> 2.0.0
python3-engineio: upgrade 4.7.1 -> 4.8.0
python3-eth-typing: upgrade 3.4.0 -> 3.5.0
python3-eth-utils: upgrade 2.2.1 -> 2.2.2
python3-executing: upgrade 1.2.0 -> 2.0.0
python3-flask-babel: upgrade 3.1.0 -> 4.0.0
python3-flask-jwt-extended: upgrade 4.5.2 -> 4.5.3
python3-google-api-python-client: upgrade 2.101.0 -> 2.104.0
python3-googleapis-common-protos: upgrade 1.60.0 -> 1.61.0
python3-google-auth: upgrade 2.23.1 -> 2.23.3
python3-h5py: upgrade 3.9.0 -> 3.10.0
python3-huey: upgrade 2.4.5 -> 2.5.0
python3-imageio: upgrade 2.31.3 -> 2.31.5
python3-ipython: upgrade 8.15.0 -> 8.16.1
python3-jedi: upgrade 0.19.0 -> 0.19.1
python3-meson-python: upgrade 0.13.1 -> 0.14.0
python3-msgpack: upgrade 1.0.6 -> 1.0.7
python3-platformdirs: upgrade 3.10.0 -> 3.11.0
python3-prompt-toolkit: upgrade 3.0.36 -> 3.0.39
python3-protobuf: upgrade 4.24.3 -> 4.24.4
python3-pycares: upgrade 4.3.0 -> 4.4.0
python3-pycodestyle: upgrade 2.11.0 -> 2.11.1
python3-pydantic: upgrade 2.4.1 -> 2.4.2
python3-pyephem: upgrade 4.1.4 -> 4.1.5
python3-pytest-timeout: upgrade 2.1.0 -> 2.2.0
python3-rapidjson: upgrade 1.11 -> 1.12
python3-regex: upgrade 2023.8.8 -> 2023.10.3
python3-rich: upgrade 13.5.3 -> 13.6.0
python3-schedule: upgrade 1.2.0 -> 1.2.1
python3-semver: upgrade 3.0.1 -> 3.0.2
python3-simplejson: upgrade 3.19.1 -> 3.19.2
python3-socketio: upgrade 5.9.0 -> 5.10.0
python3-sqlalchemy: upgrade 2.0.21 -> 2.0.22
python3-stack-data: upgrade 0.6.2 -> 0.6.3
python3-texttable: upgrade 1.6.7 -> 1.7.0
python3-traitlets: upgrade 5.10.1 -> 5.11.2
python3-types-psutil: upgrade 5.9.5.16 -> 5.9.5.17
python3-tzlocal: upgrade 5.0.1 -> 5.1
python3-web3: upgrade 6.10.0 -> 6.11.1
python3-websocket-client: upgrade 1.6.3 -> 1.6.4
python3-xlsxwriter: upgrade 3.1.3 -> 3.1.8
python3-xxhash: upgrade 3.3.0 -> 3.4.1
python3-zeroconf: upgrade 0.112.0 -> 0.119.0
python3-zopeinterface: upgrade 6.0 -> 6.1
rdma-core: upgrade 47.0 -> 48.0
redis: upgrade 7.2.1 -> 7.2.2
remmina: upgrade 1.4.32 -> 1.4.33
tesseract: upgrade 5.3.2 -> 5.3.3
thingsboard-gateway: upgrade 3.3 -> 3.4.1
tio: upgrade 2.6 -> 2.7
wireshark: upgrade 4.0.8 -> 4.0.10
xterm: upgrade 384 -> 387
zchunk: upgrade 1.3.1 -> 1.3.2
hdf5: Fix install conflict when enable multilib.
dnf-plugin-tui: Recover BBCLASSEXTEND variants
gensio: upgrade 2.7.6 -> 2.7.7
hwdata: upgrade 0.375 -> 0.376
libio-socket-ssl-perl: upgrade 2.083 -> 2.084
makedumpfile: upgrade 1.7.3 -> 1.7.4
gnome-remote-desktop: move from meta-virtualization to meta-security
ctags: upgrade 6.0.20231029.0 -> 6.0.20231105.0
function2: upgrade 4.2.3 -> 4.2.4
neatvnc: upgrade 0.7.0 -> 0.7.1
python3-argh: upgrade 0.30.3 -> 0.30.4
python3-geojson: upgrade 3.0.1 -> 3.1.0
python3-imageio: upgrade 2.31.6 -> 2.32.0
python3-inflate64: upgrade 0.3.1 -> 1.0.0
python3-jsbeautifier: upgrade 1.14.9 -> 1.14.11
python3-lru-dict: upgrade 1.2.0 -> 1.3.0
python3-python-vlc: upgrade 3.0.18122 -> 3.0.20123
python3-zeroconf: upgrade 0.119.0 -> 0.120.0
c-ares: upgrade 1.21.0 -> 1.22.0
ctags: upgrade 6.0.20231105.0 -> 6.0.20231112.0
libencode-perl: upgrade 3.19 -> 3.20
bindfs: upgrade 1.17.5 -> 1.17.6
python3-hexbytes: upgrade 0.3.1 -> 1.0.0
python3-linux-procfs: upgrade 0.7.1 -> 0.7.3
openvpn: upgrade 2.6.6 -> 2.6.7
python3-argcomplete: upgrade 3.1.4 -> 3.1.6
python3-awesomeversion: upgrade 23.8.0 -> 23.11.0
python3-dbus-fast: upgrade 2.12.0 -> 2.14.0
python3-eth-typing: upgrade 3.5.1 -> 3.5.2
python3-eth-utils: upgrade 2.3.0 -> 2.3.1
python3-geomet: upgrade 1.0.0 -> 1.1.0
python3-google-api-core: upgrade 2.12.0 -> 2.14.0
python3-google-api-python-client: upgrade 2.106.0 -> 2.108.0
python3-mypy: upgrade 1.6.1 -> 1.7.0
python3-platformdirs: upgrade 3.11.0 -> 4.0.0
python3-prompt-toolkit: upgrade 3.0.39 -> 3.0.41
python3-pyaudio: upgrade 0.2.13 -> 0.2.14
python3-pydantic: upgrade 2.4.2 -> 2.5.0
python3-pymetno: upgrade 0.11.0 -> 0.12.0
python3-pytest-xdist: upgrade 3.3.1 -> 3.4.0
python3-sentry-sdk: upgrade 1.34.0 -> 1.35.0
python3-tomlkit: upgrade 0.12.2 -> 0.12.3
python3-types-setuptools: upgrade 68.2.0.0 -> 68.2.0.1
python3-web3: upgrade 6.11.2 -> 6.11.3
python3-zeroconf: upgrade 0.126.0 -> 0.127.0
ser2net: upgrade 4.5.0 -> 4.5.1
uftp: upgrade 5.0.1 -> 5.0.2
webkitgtk3: upgrade 2.42.1 -> 2.42.2
imlib2: delete non-existent file
c-ares: upgrade 1.22.0 -> 1.22.1
ctags: upgrade 6.0.20231112.0 -> 6.0.20231119.0
exiftool: upgrade 12.69 -> 12.70
gnome-bluetooth: upgrade 42.6 -> 42.7
libextutils-cppguess-perl: upgrade 0.26 -> 0.27
libwebsockets: upgrade 4.3.2 -> 4.3.3
python3-aiohttp: upgrade 3.8.6 -> 3.9.0
python3-dateparser: upgrade 1.1.8 -> 1.2.0
python3-django: upgrade 4.2.5 -> 4.2.7
python3-imageio: upgrade 2.32.0 -> 2.33.0
python3-ldap: upgrade 3.4.3 -> 3.4.4
python3-pastedeploy: upgrade 3.0.1 -> 3.1.0
python3-pdm: upgrade 2.10.1 -> 2.10.3
python3-pydantic: upgrade 2.5.0 -> 2.5.1
python3-rich: upgrade 13.6.0 -> 13.7.0
strongswan: upgrade 5.9.11 -> 5.9.12
Yi Zhao (6):
samba: upgrade 4.18.6 -> 4.18.8
samba: use external cmocka instead of bundled cmocka
libtevent: fix ptest
libldb: add ptest
conntrack-tools: upgrade 1.4.7 -> 1.4.8
nftables: upgrade 1.0.8 -> 1.0.9
Yoann Congal (5):
emlog: ignore CVE-2022-3968 & CVE-2023-43291
juce/projucer: Backport a fix for the compilation under recent GCC
meta-oe/static-ids: Change postgres to 28 to match forced id in recipe
static-id: add missing netdata group
python3-soupsieve: Break circular dependency with beautifulsoup4
Zoltán Böszörményi (3):
python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
geos: Fix packaging
alperak (39):
xdebug: upgrade 3.2.0 -> 3.2.2
catch2: upgrade 2.13.7 -> 2.13.10
tuna: upgrade 0.18 -> 0.19
libsrtp: upgrade 2.4.2 -> 2.5.0
libupnp: upgrade 1.14.6 -> 1.14.18
libisofs: upgrade 1.5.4 -> 1.5.6
libisoburn: 1.5.4 -> 1.5.6
fuse-exfat: upgrade 1.3.0 -> 1.4.0
fuse3: upgrade 3.15.1 -> 3.16.2
ufs-utils: upgrade 3.12.3 -> 4.13.5
libebml: upgrade 1.3.0 -> 1.4.4
libmatroska: upgrade 1.4.1 -> 1.7.1
libde265: upgrade 1.0.5 -> 1.0.12
libopenmpt: upgrade 0.6.2 -> 0.7.3
mpd: upgrade 0.23.12 -> 0.23.14
opencore-amr: upgrade 0.1.3 -> 0.1.6
tinyalsa: upgrade 1.1.1 -> 2.0.0
cannelloni: upgrade 1.0.0 -> 1.1.0
civetweb: upgrade 1.12 -> 1.16
libdnet: upgrade 1.16.3 -> 1.17.0
openfortivpn: upgrade 1.20.5 -> 1.21.0
fuse-exfat: Dropped md5sum
libopenmpt: Added license change reason and dropped md5sum
bolt: upgrade 0.9.5 -> 0.9.6
irssi: upgrade 1.4.4 -> 1.4.5
libmtp: upgrade 1.1.20 -> 1.1.21
libsigc++-2.0: upgrade 2.10.7 -> 2.12.1
libsigc++-3: upgrade 3.2.0 -> 3.6.0
ocl-icd: upgrade 2.3.1 -> 2.3.2
opencl-icd-loader: upgrade v2022.01.04 -> v2023.04.17
uutils-coreutils: upgrade 0.0.22 -> 0.0.23
botan: upgrade 2.19.3 -> 3.2.0
capnproto: upgrade 0.10.4 -> 1.0.1
cloc: upgrade 1.94 -> 1.98
cpuid: upgrade 20211129 -> 20230614
gst-editing-services: upgrade 1.20.5 -> 1.22.7
luaposix: upgrade 35.1 -> 36.2.1
mercurial: upgrade 6.1 -> 6.5
ledmon: upgrade 0.93 -> 0.97
skandigraun (1):
libvpx: don't specify armv5 and armv6 toolchains explicitly
meta-security: 3f7d40b0fc..070a1e82cc:
Gowtham Suresh Kumar (1):
Update parsec recipes
Mingli Yu (1):
samhain: remove the buildpath
Stefan Berger (1):
ima,evm: Add two variables to write filenames and signatures into
Change-Id: Ib809aa0df4162c50a06c542a94a0b06cdc149a2d
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch
index 9c1d781..58ba2af 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch
@@ -4,7 +4,7 @@
Subject: [PATCH] Handle logging syscall
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Inappropriate [Other]
+Upstream-Status: Pending [upstreamed differently in 280b6a3]
---
core/arch/arm/kernel/spmc_sp_handler.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch
index 50283db..29623b0 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch
@@ -50,8 +50,8 @@
+CFG_CORE_HEAP_SIZE = 0x32000 # 200kb
+
+CFG_TEE_CORE_NB_CORE = 4
-+CFG_TZDRAM_START ?= 0x08000000
-+CFG_TZDRAM_SIZE ?= 0x02008000
++CFG_TZDRAM_START ?= 0xDE000000
++CFG_TZDRAM_SIZE ?= 0x02000000
+
+CFG_SHMEM_START ?= 0x83000000
+CFG_SHMEM_SIZE ?= 0x00210000
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch
deleted file mode 100644
index ebe4d72..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From 0c3ce4c09cd7d2ff4cd2e62acab899dd88dc9514 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Wed, 20 Jul 2022 16:45:59 +0100
-Subject: [PATCH] HACK: disable instruction cache and data cache.
-
-For some reason, n1sdp fails to boot with instruction cache and
-data cache enabled. This is a temporary change to disable I cache
-and D cache until a proper fix is found.
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
-diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
-index 875b6e69..594d6928 100644
---- a/core/arch/arm/kernel/entry_a64.S
-+++ b/core/arch/arm/kernel/entry_a64.S
-@@ -52,7 +52,7 @@
-
- .macro set_sctlr_el1
- mrs x0, sctlr_el1
-- orr x0, x0, #SCTLR_I
-+ bic x0, x0, #SCTLR_I
- orr x0, x0, #SCTLR_SA
- orr x0, x0, #SCTLR_SPAN
- #if defined(CFG_CORE_RWDATA_NOEXEC)
-@@ -490,11 +490,11 @@ LOCAL_FUNC enable_mmu , : , .identity_map
- isb
-
- /* Enable I and D cache */
-- mrs x1, sctlr_el1
-+ /* mrs x1, sctlr_el1
- orr x1, x1, #SCTLR_I
- orr x1, x1, #SCTLR_C
- msr sctlr_el1, x1
-- isb
-+ isb */
-
- /* Adjust stack pointers and return address */
- msr spsel, #1
---
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-Handle-logging-syscall.patch
similarity index 94%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-Handle-logging-syscall.patch
index 9d305ad..0955d99 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-Handle-logging-syscall.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Pending [upstreamed differently in 280b6a3]
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-plat-n1sdp-register-DRAM1-to-optee-os.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-plat-n1sdp-register-DRAM1-to-optee-os.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0006-plat-n1sdp-add-external-device-tree-base-and-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-add-external-device-tree-base-and-size.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0006-plat-n1sdp-add-external-device-tree-base-and-size.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-add-external-device-tree-base-and-size.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb
deleted file mode 100644
index ea7b65c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require recipes-security/optee/optee-client.inc
-
-SRCREV = "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.22.0.bb
new file mode 100644
index 0000000..904c256
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.22.0.bb
@@ -0,0 +1,7 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "8533e0e6329840ee96cf81b6453f257204227e6c"
+
+inherit pkgconfig
+DEPENDS += "util-linux"
+EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.22.0.bb
new file mode 100644
index 0000000..f082a25
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.22.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
deleted file mode 100644
index 862a76b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 63445958678b58c5adc7eca476b216e5dc0f4195 Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 11:41:00 +0000
-Subject: [PATCH] core, ldelf: link: add -z execstack
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when generating some TEE core binaries (all_obj.o, init.o,
-unpaged.o and tee.elf) as well as ldelf.elf:
-
- arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
- arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-The permissions used when mapping the TEE core stacks do not depend on
-any metadata found in the ELF file. Similarly when the TEE core loads
-ldelf it already creates a non-executable stack regardless of ELF
-information. Therefore we can safely ignore the warnings. This is done
-by adding the '-z execstack' option.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
----
- core/arch/arm/kernel/link.mk | 13 +++++++++----
- ldelf/link.mk | 3 +++
- 2 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index c39d43cbfc5b..0e96e606cd9d 100644
---- a/core/arch/arm/kernel/link.mk
-+++ b/core/arch/arm/kernel/link.mk
-@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
-
- AWK = awk
-
-+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
-+ifeq ($(CFG_ARM32_core),y)
-+link-ldflags-common += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldflags = $(LDFLAGS)
- ifeq ($(CFG_CORE_ASLR),y)
- link-ldflags += -pie -Bsymbolic -z norelro $(ldflag-apply-dynamic-relocs)
-@@ -31,7 +36,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
- link-ldflags += --sort-section=alignment
- link-ldflags += --fatal-warnings
- link-ldflags += --gc-sections
--link-ldflags += $(call ld-option,--no-warn-rwx-segments)
-+link-ldflags += $(link-ldflags-common)
-
- link-ldadd = $(LDADD)
- link-ldadd += $(ldflags-external)
-@@ -56,7 +61,7 @@ link-script-cppflags := \
- $(cppflagscore))
-
- ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
-- $(call ld-option,--no-warn-rwx-segments) \
-+ $(link-ldflags-common) \
- $(link-objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/all_objs.o
- $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
-@@ -70,7 +75,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
- $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
-
- unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-- $(call ld-option,--no-warn-rwx-segments)
-+ $(link-ldflags-common)
- unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/unpaged.o
- $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
-@@ -99,7 +104,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
- $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
-
- init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-- $(call ld-option,--no-warn-rwx-segments)
-+ $(link-ldflags-common)
- init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
- $(libgcccore)
- cleanfiles += $(link-out-dir)/init.o
-diff --git a/ldelf/link.mk b/ldelf/link.mk
-index 64c8212a06fa..bd49551e7065 100644
---- a/ldelf/link.mk
-+++ b/ldelf/link.mk
-@@ -20,6 +20,9 @@ link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
- ifeq ($(CFG_CORE_BTI),y)
- link-ldflags += $(call ld-option,-z force-bti) --fatal-warnings
- endif
-+ifeq ($(CFG_ARM32_$(sm)), y)
-+link-ldflags += $(call ld-option,--no-warn-execstack)
-+endif
- link-ldflags += $(link-ldflags$(sm))
-
- link-ldadd = $(addprefix -L,$(libdirs))
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
deleted file mode 100644
index e82fdc7..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From 1a991cbedf8647d5a1e7c312614f7867c3940968 Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 12:31:46 +0000
-Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
-
- .S files
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when linking Trusted Applications:
-
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-We could silence the warning by adding the '-z execstack' option to the
-TA link flags, like we did in the parent commit for the TEE core and
-ldelf. Indeed, ldelf always allocates a non-executable piece of memory
-for the TA to use as a stack.
-
-However it seems preferable to comply with the common ELF practices in
-this case. A better fix is therefore to add the missing .note.GNU-stack
-sections in the assembler files.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
----
- lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++
- lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++
- lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++
- ta/arch/arm/ta_entry_a32.S | 2 ++
- 7 files changed, 14 insertions(+)
-
-diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
-index 6e621ca6e06d..af405f62723c 100644
---- a/lib/libutee/arch/arm/utee_syscalls_a32.S
-+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
-@@ -7,6 +7,8 @@
- #include <tee_syscall_numbers.h>
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- .section .text
- .balign 4
- .code 32
-diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
-index eaef6914734e..2be73ffadcc9 100644
---- a/lib/libutils/ext/arch/arm/atomic_a32.S
-+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /* uint32_t atomic_inc32(uint32_t *v); */
- FUNC atomic_inc32 , :
- ldrex r1, [r0]
-diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
-index 51439a23014e..54dc3c02da66 100644
---- a/lib/libutils/ext/arch/arm/mcount_a32.S
-+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
-@@ -7,6 +7,8 @@
-
- #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT)
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * Convert return address to call site address by subtracting the size of the
- * mcount call instruction (blx __gnu_mcount_nc).
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-index a600c879668c..37ae9ec6f9f1 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * signed ret_idivmod_values(signed quot, signed rem);
- * return quotient and remaining the EABI way (regs r0,r1)
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-index 2dc50bc98bbf..5c3353e2c1ba 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
- */
-diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-index 43ea593758c9..f8a0b70df705 100644
---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
-+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-@@ -51,6 +51,8 @@
- #define SIZE(x)
- #endif
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /* Arm/Thumb interworking support:
-
- The interworking scheme expects functions to use a BX instruction
-diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
-index d2f8a69daa7f..cd9a12f9dbf9 100644
---- a/ta/arch/arm/ta_entry_a32.S
-+++ b/ta/arch/arm/ta_entry_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * This function is the bottom of the user call stack. Mark it as such so that
- * the unwinding code won't try to go further down.
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
index 381cad9..e6fe716 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
@@ -20,10 +20,11 @@
file. Used by Trusted OS (BL32), that is, OP-TEE in this case
Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=25ae7ad1878244f78206cc7c91f7bdbd267331a1
-Upstream-Status: Accepted
-
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+
+Upstream-Status: Backport [f1f431c7a92671b4fa397976d381cc5ad8adacc4]
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
core/arch/arm/kernel/boot.c | 8 +++++++-
core/arch/arm/kernel/entry_a64.S | 17 ++++++++---------
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
index 5421b10..da0422b 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
@@ -9,10 +9,11 @@
retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
case, because the SPMC manifest is passed in this DT.
-Upstream-Status: Accepted
-
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+
+Upstream-Status: Backport [809fa817ae6331d98b55f7afaa3c20f8407822e4]
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
core/arch/arm/kernel/boot.c | 60 ++++++++++++++++++++++-
core/arch/arm/kernel/entry_a32.S | 3 +-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/CVE-2023-41325.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/CVE-2023-41325.patch
new file mode 100644
index 0000000..08acce0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/CVE-2023-41325.patch
@@ -0,0 +1,634 @@
+From 800627f054959aac0dd3527495ee3fad0137600a Mon Sep 17 00:00:00 2001
+From: Jihwan Park <jihwp@amazon.com>
+Date: Mon, 3 Jul 2023 08:51:47 +0200
+Subject: [PATCH] core: crypto_bignum_free(): add indirection and set pointer
+ to NULL
+
+To prevent human mistake, crypto_bignum_free() sets the location of the
+bignum pointer to NULL after freeing it.
+
+Signed-off-by: Jihwan Park <jihwp@amazon.com>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
+Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
+Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
+
+CVE: CVE-2023-41325
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ core/crypto/crypto.c | 4 +--
+ core/drivers/crypto/caam/acipher/caam_dh.c | 8 ++---
+ core/drivers/crypto/caam/acipher/caam_dsa.c | 14 ++++----
+ core/drivers/crypto/caam/acipher/caam_ecc.c | 10 +++---
+ core/drivers/crypto/caam/acipher/caam_rsa.c | 24 ++++++-------
+ core/drivers/crypto/se050/core/ecc.c | 14 ++++----
+ core/drivers/crypto/se050/core/rsa.c | 38 ++++++++++-----------
+ core/drivers/crypto/versal/ecc.c | 6 ++--
+ core/include/crypto/crypto.h | 2 +-
+ core/lib/libtomcrypt/dh.c | 8 ++---
+ core/lib/libtomcrypt/dsa.c | 14 ++++----
+ core/lib/libtomcrypt/ecc.c | 10 +++---
+ core/lib/libtomcrypt/mpi_desc.c | 9 +++--
+ core/lib/libtomcrypt/rsa.c | 22 ++++++------
+ core/tee/tee_svc_cryp.c | 7 ++--
+ lib/libmbedtls/core/bignum.c | 9 +++--
+ lib/libmbedtls/core/dh.c | 8 ++---
+ lib/libmbedtls/core/ecc.c | 10 +++---
+ lib/libmbedtls/core/rsa.c | 22 ++++++------
+ 19 files changed, 122 insertions(+), 117 deletions(-)
+
+diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c
+index 9f7d35097..60cb89a31 100644
+--- a/core/crypto/crypto.c
++++ b/core/crypto/crypto.c
+@@ -498,9 +498,9 @@ void crypto_bignum_copy(struct bignum *to __unused,
+ bignum_cant_happen();
+ }
+
+-void crypto_bignum_free(struct bignum *a)
++void crypto_bignum_free(struct bignum **a)
+ {
+- if (a)
++ if (a && *a)
+ panic();
+ }
+
+diff --git a/core/drivers/crypto/caam/acipher/caam_dh.c b/core/drivers/crypto/caam/acipher/caam_dh.c
+index 6131ff0ef..35fc44541 100644
+--- a/core/drivers/crypto/caam/acipher/caam_dh.c
++++ b/core/drivers/crypto/caam/acipher/caam_dh.c
+@@ -195,10 +195,10 @@ static TEE_Result do_allocate_keypair(struct dh_keypair *key, size_t size_bits)
+ err:
+ DH_TRACE("Allocation error");
+
+- crypto_bignum_free(key->g);
+- crypto_bignum_free(key->p);
+- crypto_bignum_free(key->x);
+- crypto_bignum_free(key->y);
++ crypto_bignum_free(&key->g);
++ crypto_bignum_free(&key->p);
++ crypto_bignum_free(&key->x);
++ crypto_bignum_free(&key->y);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/core/drivers/crypto/caam/acipher/caam_dsa.c b/core/drivers/crypto/caam/acipher/caam_dsa.c
+index 2696f0b3c..d60bb8e89 100644
+--- a/core/drivers/crypto/caam/acipher/caam_dsa.c
++++ b/core/drivers/crypto/caam/acipher/caam_dsa.c
+@@ -309,10 +309,10 @@ static TEE_Result do_allocate_keypair(struct dsa_keypair *key, size_t l_bits,
+ err:
+ DSA_TRACE("Allocation error");
+
+- crypto_bignum_free(key->g);
+- crypto_bignum_free(key->p);
+- crypto_bignum_free(key->q);
+- crypto_bignum_free(key->x);
++ crypto_bignum_free(&key->g);
++ crypto_bignum_free(&key->p);
++ crypto_bignum_free(&key->q);
++ crypto_bignum_free(&key->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -358,9 +358,9 @@ static TEE_Result do_allocate_publickey(struct dsa_public_key *key,
+ err:
+ DSA_TRACE("Allocation error");
+
+- crypto_bignum_free(key->g);
+- crypto_bignum_free(key->p);
+- crypto_bignum_free(key->q);
++ crypto_bignum_free(&key->g);
++ crypto_bignum_free(&key->p);
++ crypto_bignum_free(&key->q);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/core/drivers/crypto/caam/acipher/caam_ecc.c b/core/drivers/crypto/caam/acipher/caam_ecc.c
+index 90e87c20a..6b12b6cbe 100644
+--- a/core/drivers/crypto/caam/acipher/caam_ecc.c
++++ b/core/drivers/crypto/caam/acipher/caam_ecc.c
+@@ -169,8 +169,8 @@ static TEE_Result do_allocate_keypair(struct ecc_keypair *key, size_t size_bits)
+ err:
+ ECC_TRACE("Allocation error");
+
+- crypto_bignum_free(key->d);
+- crypto_bignum_free(key->x);
++ crypto_bignum_free(&key->d);
++ crypto_bignum_free(&key->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -204,7 +204,7 @@ static TEE_Result do_allocate_publickey(struct ecc_public_key *key,
+ err:
+ ECC_TRACE("Allocation error");
+
+- crypto_bignum_free(key->x);
++ crypto_bignum_free(&key->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -216,8 +216,8 @@ err:
+ */
+ static void do_free_publickey(struct ecc_public_key *key)
+ {
+- crypto_bignum_free(key->x);
+- crypto_bignum_free(key->y);
++ crypto_bignum_free(&key->x);
++ crypto_bignum_free(&key->y);
+ }
+
+ /*
+diff --git a/core/drivers/crypto/caam/acipher/caam_rsa.c b/core/drivers/crypto/caam/acipher/caam_rsa.c
+index e860c641c..b59ab0b6e 100644
+--- a/core/drivers/crypto/caam/acipher/caam_rsa.c
++++ b/core/drivers/crypto/caam/acipher/caam_rsa.c
+@@ -86,14 +86,14 @@ static uint8_t caam_era;
+ */
+ static void do_free_keypair(struct rsa_keypair *key)
+ {
+- crypto_bignum_free(key->e);
+- crypto_bignum_free(key->d);
+- crypto_bignum_free(key->n);
+- crypto_bignum_free(key->p);
+- crypto_bignum_free(key->q);
+- crypto_bignum_free(key->qp);
+- crypto_bignum_free(key->dp);
+- crypto_bignum_free(key->dq);
++ crypto_bignum_free(&key->e);
++ crypto_bignum_free(&key->d);
++ crypto_bignum_free(&key->n);
++ crypto_bignum_free(&key->p);
++ crypto_bignum_free(&key->q);
++ crypto_bignum_free(&key->qp);
++ crypto_bignum_free(&key->dp);
++ crypto_bignum_free(&key->dq);
+ }
+
+ /*
+@@ -435,8 +435,8 @@ static TEE_Result do_allocate_publickey(struct rsa_public_key *key,
+ err_alloc_publickey:
+ RSA_TRACE("Allocation error");
+
+- crypto_bignum_free(key->e);
+- crypto_bignum_free(key->n);
++ crypto_bignum_free(&key->e);
++ crypto_bignum_free(&key->n);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -448,8 +448,8 @@ err_alloc_publickey:
+ */
+ static void do_free_publickey(struct rsa_public_key *key)
+ {
+- crypto_bignum_free(key->e);
+- crypto_bignum_free(key->n);
++ crypto_bignum_free(&key->e);
++ crypto_bignum_free(&key->n);
+ }
+
+ /*
+diff --git a/core/drivers/crypto/se050/core/ecc.c b/core/drivers/crypto/se050/core/ecc.c
+index d74334760..52f82c69d 100644
+--- a/core/drivers/crypto/se050/core/ecc.c
++++ b/core/drivers/crypto/se050/core/ecc.c
+@@ -752,9 +752,9 @@ static TEE_Result do_alloc_keypair(struct ecc_keypair *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->x);
+- crypto_bignum_free(s->y);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->x);
++ crypto_bignum_free(&s->y);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+@@ -768,8 +768,8 @@ static TEE_Result do_alloc_publickey(struct ecc_public_key *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->x);
+- crypto_bignum_free(s->y);
++ crypto_bignum_free(&s->x);
++ crypto_bignum_free(&s->y);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+@@ -778,8 +778,8 @@ static void do_free_publickey(struct ecc_public_key *s)
+ if (!s)
+ return;
+
+- crypto_bignum_free(s->x);
+- crypto_bignum_free(s->y);
++ crypto_bignum_free(&s->x);
++ crypto_bignum_free(&s->y);
+ }
+
+ static struct drvcrypt_ecc driver_ecc = {
+diff --git a/core/drivers/crypto/se050/core/rsa.c b/core/drivers/crypto/se050/core/rsa.c
+index 815abb3cd..475d2b99a 100644
+--- a/core/drivers/crypto/se050/core/rsa.c
++++ b/core/drivers/crypto/se050/core/rsa.c
+@@ -537,14 +537,14 @@ static TEE_Result do_alloc_keypair(struct rsa_keypair *s,
+
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->e);
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->q);
+- crypto_bignum_free(s->qp);
+- crypto_bignum_free(s->dp);
+- crypto_bignum_free(s->dq);
++ crypto_bignum_free(&s->e);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->q);
++ crypto_bignum_free(&s->qp);
++ crypto_bignum_free(&s->dp);
++ crypto_bignum_free(&s->dq);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -556,7 +556,7 @@ static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
+ if (!bn_alloc_max(&s->e))
+ return TEE_ERROR_OUT_OF_MEMORY;
+ if (!bn_alloc_max(&s->n)) {
+- crypto_bignum_free(s->e);
++ crypto_bignum_free(&s->e);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+@@ -566,8 +566,8 @@ static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
+ static void do_free_publickey(struct rsa_public_key *s)
+ {
+ if (s) {
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->e);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->e);
+ }
+ }
+
+@@ -587,14 +587,14 @@ static void do_free_keypair(struct rsa_keypair *s)
+ sss_se05x_key_store_erase_key(se050_kstore, &k_object);
+ }
+
+- crypto_bignum_free(s->e);
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->q);
+- crypto_bignum_free(s->qp);
+- crypto_bignum_free(s->dp);
+- crypto_bignum_free(s->dq);
++ crypto_bignum_free(&s->e);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->q);
++ crypto_bignum_free(&s->qp);
++ crypto_bignum_free(&s->dp);
++ crypto_bignum_free(&s->dq);
+ }
+
+ static TEE_Result do_gen_keypair(struct rsa_keypair *key, size_t kb)
+diff --git a/core/drivers/crypto/versal/ecc.c b/core/drivers/crypto/versal/ecc.c
+index 3d5454509..18ec4f78d 100644
+--- a/core/drivers/crypto/versal/ecc.c
++++ b/core/drivers/crypto/versal/ecc.c
+@@ -284,9 +284,9 @@ static TEE_Result sign(uint32_t algo, struct ecc_keypair *key,
+
+ versal_mbox_alloc(bytes, NULL, &k);
+ crypto_bignum_bn2bin_eswap(key->curve, ephemeral.d, k.buf);
+- crypto_bignum_free(ephemeral.d);
+- crypto_bignum_free(ephemeral.x);
+- crypto_bignum_free(ephemeral.y);
++ crypto_bignum_free(&ephemeral.d);
++ crypto_bignum_free(&ephemeral.x);
++ crypto_bignum_free(&ephemeral.y);
+
+ /* Private key*/
+ versal_mbox_alloc(bytes, NULL, &d);
+diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h
+index 71a287ec6..0e6c139ce 100644
+--- a/core/include/crypto/crypto.h
++++ b/core/include/crypto/crypto.h
+@@ -98,7 +98,7 @@ size_t crypto_bignum_num_bytes(struct bignum *a);
+ size_t crypto_bignum_num_bits(struct bignum *a);
+ void crypto_bignum_bn2bin(const struct bignum *from, uint8_t *to);
+ void crypto_bignum_copy(struct bignum *to, const struct bignum *from);
+-void crypto_bignum_free(struct bignum *a);
++void crypto_bignum_free(struct bignum **a);
+ void crypto_bignum_clear(struct bignum *a);
+
+ /* return -1 if a<b, 0 if a==b, +1 if a>b */
+diff --git a/core/lib/libtomcrypt/dh.c b/core/lib/libtomcrypt/dh.c
+index 4eb9916f2..b1d0a4d00 100644
+--- a/core/lib/libtomcrypt/dh.c
++++ b/core/lib/libtomcrypt/dh.c
+@@ -28,10 +28,10 @@ TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->g);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->y);
+- crypto_bignum_free(s->x);
++ crypto_bignum_free(&s->g);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->y);
++ crypto_bignum_free(&s->x);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+diff --git a/core/lib/libtomcrypt/dsa.c b/core/lib/libtomcrypt/dsa.c
+index a2dc720ed..d6243c469 100644
+--- a/core/lib/libtomcrypt/dsa.c
++++ b/core/lib/libtomcrypt/dsa.c
+@@ -30,10 +30,10 @@ TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->g);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->q);
+- crypto_bignum_free(s->y);
++ crypto_bignum_free(&s->g);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->q);
++ crypto_bignum_free(&s->y);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+@@ -52,9 +52,9 @@ TEE_Result crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->g);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->q);
++ crypto_bignum_free(&s->g);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->q);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+diff --git a/core/lib/libtomcrypt/ecc.c b/core/lib/libtomcrypt/ecc.c
+index 938378247..fa645e17a 100644
+--- a/core/lib/libtomcrypt/ecc.c
++++ b/core/lib/libtomcrypt/ecc.c
+@@ -18,8 +18,8 @@ static void _ltc_ecc_free_public_key(struct ecc_public_key *s)
+ if (!s)
+ return;
+
+- crypto_bignum_free(s->x);
+- crypto_bignum_free(s->y);
++ crypto_bignum_free(&s->x);
++ crypto_bignum_free(&s->y);
+ }
+
+ /*
+@@ -465,8 +465,8 @@ TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *s,
+ err:
+ s->ops = NULL;
+
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->x);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -541,7 +541,7 @@ TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *s,
+ err:
+ s->ops = NULL;
+
+- crypto_bignum_free(s->x);
++ crypto_bignum_free(&s->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/core/lib/libtomcrypt/mpi_desc.c b/core/lib/libtomcrypt/mpi_desc.c
+index 235fbe630..ff8dd13c7 100644
+--- a/core/lib/libtomcrypt/mpi_desc.c
++++ b/core/lib/libtomcrypt/mpi_desc.c
+@@ -763,10 +763,13 @@ struct bignum *crypto_bignum_allocate(size_t size_bits)
+ return (struct bignum *)bn;
+ }
+
+-void crypto_bignum_free(struct bignum *s)
++void crypto_bignum_free(struct bignum **s)
+ {
+- mbedtls_mpi_free((mbedtls_mpi *)s);
+- free(s);
++ assert(s);
++
++ mbedtls_mpi_free((mbedtls_mpi *)*s);
++ free(*s);
++ *s = NULL;
+ }
+
+ void crypto_bignum_clear(struct bignum *s)
+diff --git a/core/lib/libtomcrypt/rsa.c b/core/lib/libtomcrypt/rsa.c
+index 8d0443f36..13ed23934 100644
+--- a/core/lib/libtomcrypt/rsa.c
++++ b/core/lib/libtomcrypt/rsa.c
+@@ -131,7 +131,7 @@ TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->e);
++ crypto_bignum_free(&s->e);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+@@ -143,8 +143,8 @@ void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
+ {
+ if (!s)
+ return;
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->e);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->e);
+ }
+
+
+@@ -155,14 +155,14 @@ void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
+ {
+ if (!s)
+ return;
+- crypto_bignum_free(s->e);
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->q);
+- crypto_bignum_free(s->qp);
+- crypto_bignum_free(s->dp);
+- crypto_bignum_free(s->dq);
++ crypto_bignum_free(&s->e);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->q);
++ crypto_bignum_free(&s->qp);
++ crypto_bignum_free(&s->dp);
++ crypto_bignum_free(&s->dq);
+ }
+
+ TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key,
+diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
+index 534e5ac39..880809753 100644
+--- a/core/tee/tee_svc_cryp.c
++++ b/core/tee/tee_svc_cryp.c
+@@ -869,8 +869,7 @@ static void op_attr_bignum_free(void *attr)
+ {
+ struct bignum **bn = attr;
+
+- crypto_bignum_free(*bn);
+- *bn = NULL;
++ crypto_bignum_free(bn);
+ }
+
+ static TEE_Result op_attr_value_from_user(void *attr, const void *buffer,
+@@ -3445,8 +3444,8 @@ TEE_Result syscall_cryp_derive_key(unsigned long state,
+ } else {
+ res = TEE_ERROR_OUT_OF_MEMORY;
+ }
+- crypto_bignum_free(pub);
+- crypto_bignum_free(ss);
++ crypto_bignum_free(&pub);
++ crypto_bignum_free(&ss);
+ } else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_ECDH) {
+ struct ecc_public_key key_public;
+ uint8_t *pt_secret;
+diff --git a/lib/libmbedtls/core/bignum.c b/lib/libmbedtls/core/bignum.c
+index 61f6c5c60..dea30f61a 100644
+--- a/lib/libmbedtls/core/bignum.c
++++ b/lib/libmbedtls/core/bignum.c
+@@ -87,10 +87,13 @@ struct bignum *crypto_bignum_allocate(size_t size_bits)
+ return (struct bignum *)bn;
+ }
+
+-void crypto_bignum_free(struct bignum *s)
++void crypto_bignum_free(struct bignum **s)
+ {
+- mbedtls_mpi_free((mbedtls_mpi *)s);
+- free(s);
++ assert(s);
++
++ mbedtls_mpi_free((mbedtls_mpi *)*s);
++ free(*s);
++ *s = NULL;
+ }
+
+ void crypto_bignum_clear(struct bignum *s)
+diff --git a/lib/libmbedtls/core/dh.c b/lib/libmbedtls/core/dh.c
+index b3415aaa7..e95aa1495 100644
+--- a/lib/libmbedtls/core/dh.c
++++ b/lib/libmbedtls/core/dh.c
+@@ -35,10 +35,10 @@ TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->g);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->y);
+- crypto_bignum_free(s->x);
++ crypto_bignum_free(&s->g);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->y);
++ crypto_bignum_free(&s->x);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+diff --git a/lib/libmbedtls/core/ecc.c b/lib/libmbedtls/core/ecc.c
+index fd4a51b9d..46cd9fd1c 100644
+--- a/lib/libmbedtls/core/ecc.c
++++ b/lib/libmbedtls/core/ecc.c
+@@ -40,8 +40,8 @@ static void ecc_free_public_key(struct ecc_public_key *s)
+ if (!s)
+ return;
+
+- crypto_bignum_free(s->x);
+- crypto_bignum_free(s->y);
++ crypto_bignum_free(&s->x);
++ crypto_bignum_free(&s->y);
+ }
+
+ /*
+@@ -484,8 +484,8 @@ TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *s,
+ return TEE_SUCCESS;
+
+ err:
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->x);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -581,7 +581,7 @@ TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *s,
+ return TEE_SUCCESS;
+
+ err:
+- crypto_bignum_free(s->x);
++ crypto_bignum_free(&s->x);
+
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/lib/libmbedtls/core/rsa.c b/lib/libmbedtls/core/rsa.c
+index c3b5be509..a8aeb2c04 100644
+--- a/lib/libmbedtls/core/rsa.c
++++ b/lib/libmbedtls/core/rsa.c
+@@ -183,7 +183,7 @@ TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
+ goto err;
+ return TEE_SUCCESS;
+ err:
+- crypto_bignum_free(s->e);
++ crypto_bignum_free(&s->e);
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+@@ -194,8 +194,8 @@ void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
+ {
+ if (!s)
+ return;
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->e);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->e);
+ }
+
+ void crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
+@@ -205,14 +205,14 @@ void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
+ {
+ if (!s)
+ return;
+- crypto_bignum_free(s->e);
+- crypto_bignum_free(s->d);
+- crypto_bignum_free(s->n);
+- crypto_bignum_free(s->p);
+- crypto_bignum_free(s->q);
+- crypto_bignum_free(s->qp);
+- crypto_bignum_free(s->dp);
+- crypto_bignum_free(s->dq);
++ crypto_bignum_free(&s->e);
++ crypto_bignum_free(&s->d);
++ crypto_bignum_free(&s->n);
++ crypto_bignum_free(&s->p);
++ crypto_bignum_free(&s->q);
++ crypto_bignum_free(&s->qp);
++ crypto_bignum_free(&s->dp);
++ crypto_bignum_free(&s->dq);
+ }
+
+ TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key,
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
new file mode 100644
index 0000000..392e8d8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -0,0 +1,34 @@
+From 02ea8e616ac615efe3507d627dfba9820d3357f6 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 26 May 2020 14:38:02 -0500
+Subject: [PATCH] allow setting sysroot for libgcc lookup
+
+Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
+for the compiler libraries as there's no easy way to reliably pass --sysroot
+otherwise.
+
+Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ mk/gcc.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/mk/gcc.mk b/mk/gcc.mk
+index adc77a24f25e..81bfa78ad8d7 100644
+--- a/mk/gcc.mk
++++ b/mk/gcc.mk
+@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
+ -print-file-name=include 2> /dev/null)
+
+ # Get location of libgcc from gcc
+-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ -print-libgcc-file-name 2> /dev/null)
+-libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
++libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ -print-file-name=libstdc++.a 2> /dev/null)
+-libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
++libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ -print-file-name=libgcc_eh.a 2> /dev/null)
+
+ # Define these to something to discover accidental use
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
new file mode 100644
index 0000000..15bdf07
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
@@ -0,0 +1,240 @@
+From 6f588813a170a671ebf1d6b51cebc7bc761295dc Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 21 Dec 2022 10:55:58 +0000
+Subject: [PATCH] core: Define section attributes for clang
+
+Clang's attribute section is not same as gcc, here we need to add flags
+to sections so they can be eventually collected by linker into final
+output segments. Only way to do so with clang is to use
+
+pragma clang section ...
+
+The behavious is described here [1], this allows us to define names bss
+sections. This was not an issue until clang-15 where LLD linker starts
+to detect the section flags before merging them and throws the following
+errors
+
+| ld.lld: error: section type mismatch for .nozi.kdata_page
+| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS
+| >>> output section .nozi: SHT_NOBITS
+|
+| ld.lld: error: section type mismatch for .nozi.mmu.l2
+| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS
+| >>> output section .nozi: SHT_NOBITS
+
+These sections should be carrying SHT_NOBITS but so far it was not
+possible to do so, this patch tries to use clangs pragma to get this
+going and match the functionality with gcc.
+
+[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ core/arch/arm/kernel/thread.c | 19 +++++++++++++++--
+ core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
+ core/arch/arm/mm/core_mmu_v7.c | 36 +++++++++++++++++++++++++++++---
+ core/arch/arm/mm/pgt_cache.c | 12 ++++++++++-
+ core/kernel/thread.c | 13 +++++++++++-
+ 5 files changed, 104 insertions(+), 11 deletions(-)
+
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index 4487ef026df9..f3624389611b 100644
+--- a/core/arch/arm/kernel/thread.c
++++ b/core/arch/arm/kernel/thread.c
+@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
+ #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
+ defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
+ long thread_user_kdata_sp_offset __nex_bss;
++#ifdef __clang__
++#ifndef CFG_VIRTUALIZATION
++#pragma clang section bss=".nozi.kdata_page"
++#else
++#pragma clang section bss=".nex_nozi.kdata_page"
++#endif
++#endif
+ static uint8_t thread_user_kdata_page[
+ ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE,
+ SMALL_PAGE_SIZE)]
+ __aligned(SMALL_PAGE_SIZE)
++#ifndef __clang__
+ #ifndef CFG_NS_VIRTUALIZATION
+- __section(".nozi.kdata_page");
++ __section(".nozi.kdata_page")
+ #else
+- __section(".nex_nozi.kdata_page");
++ __section(".nex_nozi.kdata_page")
+ #endif
++#endif
++ ;
++#endif
++
++/* reset BSS section to default ( .bss ) */
++#ifdef __clang__
++#pragma clang section bss=""
+ #endif
+
+ #ifdef ARM32
+diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
+index 7e79f780ad28..ec4db9dc98c5 100644
+--- a/core/arch/arm/mm/core_mmu_lpae.c
++++ b/core/arch/arm/mm/core_mmu_lpae.c
+@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
+ typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
+ typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
+
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.base_table"
++#endif
+ static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES]
+ __aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE)
+- __section(".nozi.mmu.base_table");
++#ifndef __clang__
++ __section(".nozi.mmu.base_table")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+ static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES]
+- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
++ __aligned(XLAT_TABLE_SIZE)
++#ifndef __clang__
++ __section(".nozi.mmu.l2")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ #define XLAT_TABLES_SIZE (sizeof(xlat_tbl_t) * MAX_XLAT_TABLES)
+
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+ /* MMU L2 table for TAs, one for each thread */
+ static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS]
+- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
+-
++#ifndef __clang__
++ __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+ /*
+ * TAs page table entry inside a level 1 page table.
+ *
+diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
+index 61e703da89c8..1960c08ca688 100644
+--- a/core/arch/arm/mm/core_mmu_v7.c
++++ b/core/arch/arm/mm/core_mmu_v7.c
+@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
+ typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
+ typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
+
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l1"
++#endif
+ static l1_xlat_tbl_t main_mmu_l1_ttb
+- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
++ __aligned(L1_ALIGNMENT)
++#ifndef __clang__
++ __section(".nozi.mmu.l1")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ /* L2 MMU tables */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+ static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
+- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
++ __aligned(L2_ALIGNMENT)
++#ifndef __clang__
++ __section(".nozi.mmu.l2")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ /* MMU L1 table for TAs, one for each thread */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.ul1"
++#endif
+ static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
+- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
++ __aligned(UL1_ALIGNMENT)
++#ifndef __clang__
++ __section(".nozi.mmu.ul1")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ struct mmu_partition {
+ l1_xlat_tbl_t *l1_table;
+diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
+index 79553c6d2183..b9efdf42780b 100644
+--- a/core/arch/arm/mm/pgt_cache.c
++++ b/core/arch/arm/mm/pgt_cache.c
+@@ -410,8 +410,18 @@ void pgt_init(void)
+ * has a large alignment, while .bss has a small alignment. The current
+ * link script is optimized for small alignment in .bss
+ */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+ static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
+- __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
++ __aligned(PGT_SIZE)
++#ifndef __clang__
++ __section(".nozi.pgt_cache")
++#endif
++ ;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+ size_t n;
+
+ for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
+diff --git a/core/kernel/thread.c b/core/kernel/thread.c
+index 2a1f22dce635..5516b677141a 100644
+--- a/core/kernel/thread.c
++++ b/core/kernel/thread.c
+@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00;
+ name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
+ #endif
+
++#define DO_PRAGMA(x) _Pragma (#x)
++
++#ifdef __clang__
++#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
++DO_PRAGMA (clang section bss=".nozi_stack." #name) \
++linkage uint32_t name[num_stacks] \
++ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
++ STACK_ALIGNMENT) / sizeof(uint32_t)] \
++ __attribute__((aligned(STACK_ALIGNMENT))); \
++DO_PRAGMA(clang section bss="")
++#else
+ #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+ linkage uint32_t name[num_stacks] \
+ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+ STACK_ALIGNMENT) / sizeof(uint32_t)] \
+ __attribute__((section(".nozi_stack." # name), \
+ aligned(STACK_ALIGNMENT)))
+-
++#endif
+ #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
+
+ DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
new file mode 100644
index 0000000..b4ea8ed
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
@@ -0,0 +1,29 @@
+From 9c55b7a4e39617c2abbf4e0e39fd8041c7b2b9b6 Mon Sep 17 00:00:00 2001
+From: Brett Warren <brett.warren@arm.com>
+Date: Wed, 23 Sep 2020 09:27:34 +0100
+Subject: [PATCH] optee: enable clang support
+
+When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
+to provide a sysroot wasn't included, which results in not locating
+compiler-rt. This is mitigated by including the variable as ammended.
+
+Upstream-Status: Pending
+ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
+Signed-off-by: Brett Warren <brett.warren@arm.com>
+---
+ mk/clang.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk/clang.mk b/mk/clang.mk
+index a045beee8482..1ebe2f702dcd 100644
+--- a/mk/clang.mk
++++ b/mk/clang.mk
+@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
+
+ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
+ # libgcc for clang
+-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
+
+ # Core ASLR relies on the executable being ready to run from its preferred load
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
new file mode 100644
index 0000000..d418d46
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
@@ -0,0 +1,62 @@
+From 3e191f732b3eba699b91ffd7ffa2ae0787f08947 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/link.mk | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index 49e9f4fa18a5..9e1cc172fb8a 100644
+--- a/core/arch/arm/kernel/link.mk
++++ b/core/arch/arm/kernel/link.mk
+@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
+ link-ldflags += $(link-ldflags-common)
++link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+
+ link-ldadd = $(LDADD)
+ link-ldadd += $(ldflags-external)
+@@ -61,6 +62,7 @@ link-script-cppflags := \
+ $(cppflagscore))
+
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
++ $(call ld-option,--no-warn-rwx-segments) \
+ $(link-ldflags-common) \
+ $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+ $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+
+ unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+- $(link-ldflags-common)
++ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+ $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+
+ init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+- $(link-ldflags-common)
++ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
+ $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
index 80a11b5..1b66cd5 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
@@ -8,10 +8,9 @@
SRC_URI:append = " \
file://0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch \
file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \
- file://0003-HACK-disable-instruction-cache-and-data-cache.patch \
- file://0004-Handle-logging-syscall.patch \
- file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \
- file://0006-plat-n1sdp-add-external-device-tree-base-and-size.patch \
+ file://0003-Handle-logging-syscall.patch \
+ file://0004-plat-n1sdp-register-DRAM1-to-optee-os.patch \
+ file://0005-plat-n1sdp-add-external-device-tree-base-and-size.patch \
"
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
deleted file mode 100644
index 0cb9b05..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
-MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:tc = "optee-os-tc.inc"
-
-require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
similarity index 66%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
index ff0baf8..4449616 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
@@ -1,4 +1,4 @@
-require optee-os_3.18.0.bb
+require optee-os_3.22.0.bb
SUMMARY = "OP-TEE Trusted OS TA devkit"
DESCRIPTION = "OP-TEE TA devkit for build TAs"
@@ -22,3 +22,8 @@
# Build paths are currently embedded
INSANE_SKIP:${PN}-dev += "buildpaths"
+
+# Include extra headers needed by SPMC tests to TA DEVKIT.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y', '' , d)}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb
deleted file mode 100644
index 6e1e6ad..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require recipes-security/optee/optee-os.inc
-
-DEPENDS += "dtc-native"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
-
-SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
-SRC_URI += " \
- file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
- file://0002-optee-enable-clang-support.patch \
- file://0003-core-link-add-no-warn-rwx-segments.patch \
- file://0004-core-Define-section-attributes-for-clang.patch \
- file://0005-core-ldelf-link-add-z-execstack.patch \
- file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
- "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
deleted file mode 100644
index e276fb8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_OS_REQUIRE ?= ""
-MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
-
-require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
index 0f3e58d..0638cf7 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
@@ -14,4 +14,5 @@
file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
file://0007-core-spmc-handle-non-secure-interrupts.patch \
file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
+ file://CVE-2023-41325.patch \
"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb
new file mode 100644
index 0000000..e122019
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb
@@ -0,0 +1,13 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "001ace6655dd6bb9cbe31aa31b4ba69746e1a1d9"
+SRC_URI += " \
+ file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+ file://0002-core-Define-section-attributes-for-clang.patch \
+ file://0003-optee-enable-clang-support.patch \
+ file://0004-core-link-add-no-warn-rwx-segments.patch \
+ "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend
index b5493e5..ee4ca17 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend
@@ -1,5 +1,7 @@
-# Machine specific configurations
+# Include Trusted Services Secure Partitions
+require recipes-security/optee/optee-os-ts.inc
+# Machine specific configurations
MACHINE_OPTEE_OS_REQUIRE ?= ""
MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
deleted file mode 100644
index cf8ea01..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require recipes-security/optee/optee-test.inc
-
-SRC_URI += " \
- file://0001-xtest-regression_1000-remove-unneeded-stat.h-include.patch \
- "
-SRCREV = "da5282a011b40621a2cf7a296c11a35c833ed91b"
-
-EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
-DEPENDS:append:libc-musl = " openssl"
-CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
index 5f73d41..4409ad5 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
@@ -6,7 +6,3 @@
file://0003-Update-arm_ffa_user-driver-dependency.patch \
"
SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
-
-EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
-DEPENDS:append = " openssl"
-CFLAGS:append = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.22.0.bb
new file mode 100644
index 0000000..eddf04d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.22.0.bb
@@ -0,0 +1,14 @@
+require recipes-security/optee/optee-test.inc
+
+SRC_URI += " \
+ file://0001-xtest-regression_1000-remove-unneeded-stat.h-include.patch \
+ "
+SRCREV = "a286b57f1721af215ace318d5807e63f40186df6"
+
+# Include ffa_spmc test group if the SPMC test is enabled.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}"
+
+RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' arm-ffa-user', '' , d)}"